Wed Apr 21 05:17:37 2010 UTC ()
sync to netbsd-5


(matt)
diff -r1.1 -r1.1.14.1 src/crypto/dist/heimdal/lib/krb5/krb5_get_creds.3
diff -r1.1 -r1.1.14.1 src/crypto/dist/heimdal/lib/krb5/krb5_get_in_cred.3
diff -r1.9 -r1.9.14.1 src/crypto/dist/heimdal/lib/krb5/krb5_keytab.3
diff -r1.21.4.1 -r1.21.4.1.4.1 src/crypto/dist/ipsec-tools/src/racoon/handler.c
diff -r1.42.4.1 -r1.42.4.1.4.1 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -r1.46.4.1 -r1.46.4.1.4.1 src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
diff -r1.1.1.7 -r1.1.1.7.10.1 src/crypto/dist/openssl/crypto/comp/c_zlib.c
diff -r1.1.1.5.8.1 -r1.1.1.5.8.1.2.1 src/crypto/dist/openssl/crypto/evp/m_sha1.c
diff -r1.1.1.12 -r1.1.1.12.10.1 src/crypto/dist/openssl/ssl/s3_enc.c
diff -r1.1.1.12 -r1.1.1.12.10.1 src/crypto/dist/openssl/ssl/t1_enc.c
diff -r1.14 -r1.14.10.1 src/crypto/dist/openssl/ssl/s3_lib.c
diff -r1.9.8.1 -r1.9.8.1.2.1 src/crypto/dist/openssl/ssl/s3_pkt.c
diff -r1.15.4.1 -r1.15.4.1.4.1 src/crypto/dist/openssl/ssl/s3_srvr.c
diff -r1.13 -r1.13.10.1 src/crypto/dist/openssl/ssl/ssl_locl.h
diff -r1.21.8.1 -r1.21.8.1.2.1 src/crypto/dist/ssh/cipher.c
diff -r1.2.28.1 -r1.2.28.1.2.1 src/crypto/dist/ssh/cipher.h
diff -r1.30.8.1 -r1.30.8.1.2.1 src/crypto/dist/ssh/packet.c

cvs diff -r1.1 -r1.1.14.1 src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_creds.3 (expand / switch to unified diff)

--- src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_creds.3 2008/03/22 08:37:14 1.1
+++ src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_creds.3 2010/04/21 05:17:36 1.1.14.1
@@ -20,27 +20,27 @@ @@ -20,27 +20,27 @@
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE. 30.\" SUCH DAMAGE.
31.\" 31.\"
32.\" $Heimdal: krb5_get_creds.3 22071 2007-11-14 20:04:50Z lha $ 32.\" $Heimdal: krb5_get_creds.3 22071 2007-11-14 20:04:50Z lha $
33.\" $NetBSD: krb5_get_creds.3,v 1.1 2008/03/22 08:37:14 mlelstv Exp $ 33.\" $NetBSD: krb5_get_creds.3,v 1.1.14.1 2010/04/21 05:17:36 matt Exp $
34.\" 34.\"
35.Dd June 15, 2006 35.Dd June 15, 2006
36.Dt KRB5_GET_CREDS 3 36.Dt KRB5_GET_CREDS 3
37.Os 37.Os
38.Sh NAME 38.Sh NAME
39.Nm krb5_get_creds , 39.Nm krb5_get_creds ,
40.Nm krb5_get_creds_opt_add_options , 40.Nm krb5_get_creds_opt_add_options ,
41.Nm krb5_get_creds_opt_alloc , 41.Nm krb5_get_creds_opt_alloc ,
42.Nm krb5_get_creds_opt_free , 42.Nm krb5_get_creds_opt_free ,
43.Nm krb5_get_creds_opt_set_enctype , 43.Nm krb5_get_creds_opt_set_enctype ,
44.Nm krb5_get_creds_opt_set_impersonate , 44.Nm krb5_get_creds_opt_set_impersonate ,
45.Nm krb5_get_creds_opt_set_options , 45.Nm krb5_get_creds_opt_set_options ,
46.Nm krb5_get_creds_opt_set_ticket 46.Nm krb5_get_creds_opt_set_ticket
@@ -124,27 +124,27 @@ consumers free the memory before calling @@ -124,27 +124,27 @@ consumers free the memory before calling
124The structure 124The structure
125.Li krb5_get_creds_opt 125.Li krb5_get_creds_opt
126is allocated with 126is allocated with
127.Fn krb5_get_creds_opt_alloc 127.Fn krb5_get_creds_opt_alloc
128and freed with 128and freed with
129.Fn krb5_get_creds_opt_free . 129.Fn krb5_get_creds_opt_free .
130The free function also frees the content of the structure set by the 130The free function also frees the content of the structure set by the
131accessor functions. 131accessor functions.
132.Pp 132.Pp
133.Fn krb5_get_creds_opt_add_options 133.Fn krb5_get_creds_opt_add_options
134and 134and
135.Fn krb5_get_creds_opt_set_options 135.Fn krb5_get_creds_opt_set_options
136adds and sets options to the 136adds and sets options to the
137.Fi krb5_get_creds_opt 137.Vt krb5_get_creds_opt
138structure . 138structure .
139The possible options to set are 139The possible options to set are
140.Bl -tag -width "KRB5_GC_USER_USER" -compact 140.Bl -tag -width "KRB5_GC_USER_USER" -compact
141.It KRB5_GC_CACHED 141.It KRB5_GC_CACHED
142Only check the 142Only check the
143.Fa ccache , 143.Fa ccache ,
144don't got out on network to fetch credential. 144don't got out on network to fetch credential.
145.It KRB5_GC_USER_USER 145.It KRB5_GC_USER_USER
146request a user to user ticket. 146request a user to user ticket.
147This options doesn't store the resulting user to user credential in 147This options doesn't store the resulting user to user credential in
148the 148the
149.Fa ccache . 149.Fa ccache .
150.It KRB5_GC_EXPIRED_OK 150.It KRB5_GC_EXPIRED_OK

cvs diff -r1.1 -r1.1.14.1 src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_in_cred.3 (expand / switch to unified diff)

--- src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_in_cred.3 2008/03/22 08:37:14 1.1
+++ src/crypto/dist/heimdal/lib/krb5/Attic/krb5_get_in_cred.3 2010/04/21 05:17:36 1.1.14.1
@@ -20,27 +20,27 @@ @@ -20,27 +20,27 @@
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE. 30.\" SUCH DAMAGE.
31.\" 31.\"
32.\" $Heimdal: krb5_get_in_cred.3 17593 2006-05-29 14:55:18Z lha $ 32.\" $Heimdal: krb5_get_in_cred.3 17593 2006-05-29 14:55:18Z lha $
33.\" $NetBSD: krb5_get_in_cred.3,v 1.1 2008/03/22 08:37:14 mlelstv Exp $ 33.\" $NetBSD: krb5_get_in_cred.3,v 1.1.14.1 2010/04/21 05:17:36 matt Exp $
34.\" 34.\"
35.Dd May 31, 2003 35.Dd May 31, 2003
36.Dt KRB5_GET_IN_TKT 3 36.Dt KRB5_GET_IN_TKT 3
37.Os 37.Os
38.Sh NAME 38.Sh NAME
39.Nm krb5_get_in_tkt , 39.Nm krb5_get_in_tkt ,
40.Nm krb5_get_in_cred , 40.Nm krb5_get_in_cred ,
41.Nm krb5_get_in_tkt_with_password , 41.Nm krb5_get_in_tkt_with_password ,
42.Nm krb5_get_in_tkt_with_keytab , 42.Nm krb5_get_in_tkt_with_keytab ,
43.Nm krb5_get_in_tkt_with_skey , 43.Nm krb5_get_in_tkt_with_skey ,
44.Nm krb5_free_kdc_rep , 44.Nm krb5_free_kdc_rep ,
45.Nm krb5_password_key_proc 45.Nm krb5_password_key_proc
46.Nd deprecated initial authentication functions 46.Nd deprecated initial authentication functions
@@ -160,27 +160,27 @@ stores the credential in a @@ -160,27 +160,27 @@ stores the credential in a
160.Li krb5_ccache . 160.Li krb5_ccache .
161.Pp 161.Pp
162.Nm krb5_get_in_tkt_with_password , 162.Nm krb5_get_in_tkt_with_password ,
163.Nm krb5_get_in_tkt_with_keytab , 163.Nm krb5_get_in_tkt_with_keytab ,
164and 164and
165.Nm krb5_get_in_tkt_with_skey 165.Nm krb5_get_in_tkt_with_skey
166does the same work as 166does the same work as
167.Nm krb5_get_in_cred 167.Nm krb5_get_in_cred
168but are more specialized. 168but are more specialized.
169.Pp 169.Pp
170.Nm krb5_get_in_tkt_with_password 170.Nm krb5_get_in_tkt_with_password
171uses the clients password to authenticate. 171uses the clients password to authenticate.
172If the password argument is 172If the password argument is
173.DV NULL 173.Dv NULL
174the user user queried with the default password query function. 174the user user queried with the default password query function.
175.Pp 175.Pp
176.Nm krb5_get_in_tkt_with_keytab 176.Nm krb5_get_in_tkt_with_keytab
177searches the given keytab for a service entry for the client principal. 177searches the given keytab for a service entry for the client principal.
178If the keytab is 178If the keytab is
179.Dv NULL 179.Dv NULL
180the default keytab is used. 180the default keytab is used.
181.Pp 181.Pp
182.Nm krb5_get_in_tkt_with_skey 182.Nm krb5_get_in_tkt_with_skey
183uses a key to get the initial credential. 183uses a key to get the initial credential.
184.Pp 184.Pp
185There are some common arguments to the krb5_get_in functions, these are: 185There are some common arguments to the krb5_get_in functions, these are:
186.Pp 186.Pp

cvs diff -r1.9 -r1.9.14.1 src/crypto/dist/heimdal/lib/krb5/Attic/krb5_keytab.3 (expand / switch to unified diff)

--- src/crypto/dist/heimdal/lib/krb5/Attic/krb5_keytab.3 2008/03/22 08:37:14 1.9
+++ src/crypto/dist/heimdal/lib/krb5/Attic/krb5_keytab.3 2010/04/21 05:17:36 1.9.14.1
@@ -20,27 +20,27 @@ @@ -20,27 +20,27 @@
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE. 30.\" SUCH DAMAGE.
31.\" 31.\"
32.\" $Heimdal: krb5_keytab.3 22071 2007-11-14 20:04:50Z lha $ 32.\" $Heimdal: krb5_keytab.3 22071 2007-11-14 20:04:50Z lha $
33.\" $NetBSD: krb5_keytab.3,v 1.9 2008/03/22 08:37:14 mlelstv Exp $ 33.\" $NetBSD: krb5_keytab.3,v 1.9.14.1 2010/04/21 05:17:36 matt Exp $
34.\" 34.\"
35.Dd August 12, 2005 35.Dd August 12, 2005
36.Dt KRB5_KEYTAB 3 36.Dt KRB5_KEYTAB 3
37.Os 37.Os
38.Sh NAME 38.Sh NAME
39.Nm krb5_kt_ops , 39.Nm krb5_kt_ops ,
40.Nm krb5_keytab_entry , 40.Nm krb5_keytab_entry ,
41.Nm krb5_kt_cursor , 41.Nm krb5_kt_cursor ,
42.Nm krb5_kt_add_entry , 42.Nm krb5_kt_add_entry ,
43.Nm krb5_kt_close , 43.Nm krb5_kt_close ,
44.Nm krb5_kt_compare , 44.Nm krb5_kt_compare ,
45.Nm krb5_kt_copy_entry_contents , 45.Nm krb5_kt_copy_entry_contents ,
46.Nm krb5_kt_default , 46.Nm krb5_kt_default ,
@@ -194,27 +194,27 @@ The default value can be changed in the  @@ -194,27 +194,27 @@ The default value can be changed in the
194by setting the variable 194by setting the variable
195.Li [defaults]default_keytab_name . 195.Li [defaults]default_keytab_name .
196.Pp 196.Pp
197The keytab types that are implemented in Heimdal 197The keytab types that are implemented in Heimdal
198are: 198are:
199.Bl -tag -width Ds 199.Bl -tag -width Ds
200.It Nm file 200.It Nm file
201store the keytab in a file, the type's name is 201store the keytab in a file, the type's name is
202.Li FILE . 202.Li FILE .
203The residual part is a filename. 203The residual part is a filename.
204For compatibility with other Kerberos implemtation 204For compatibility with other Kerberos implemtation
205.Li WRFILE 205.Li WRFILE
206and 206and
207.LI JAVA14 207.Li JAVA14
208is also accepted. 208is also accepted.
209.Li WRFILE 209.Li WRFILE
210has the same format as 210has the same format as
211.Li FILE . 211.Li FILE .
212.Li JAVA14 212.Li JAVA14
213have a format that is compatible with older versions of MIT kerberos 213have a format that is compatible with older versions of MIT kerberos
214and SUN's Java based installation. They store a truncted kvno, so 214and SUN's Java based installation. They store a truncted kvno, so
215when the knvo excess 255, they are truncted in this format. 215when the knvo excess 255, they are truncted in this format.
216.It Nm keyfile 216.It Nm keyfile
217store the keytab in a 217store the keytab in a
218.Li AFS 218.Li AFS
219keyfile (usually 219keyfile (usually
220.Pa /usr/afs/etc/KeyFile ) , 220.Pa /usr/afs/etc/KeyFile ) ,
@@ -370,27 +370,27 @@ releases all resources associated with @@ -370,27 +370,27 @@ releases all resources associated with
370.Fn krb5_kt_get_entry 370.Fn krb5_kt_get_entry
371retrieves the keytab entry for 371retrieves the keytab entry for
372.Fa principal , 372.Fa principal ,
373.Fa kvno , 373.Fa kvno ,
374.Fa enctype 374.Fa enctype
375into 375into
376.Fa entry 376.Fa entry
377from the keytab 377from the keytab
378.Fa id . 378.Fa id .
379When comparing an entry in the keytab to determine a match, the 379When comparing an entry in the keytab to determine a match, the
380function 380function
381.Fn krb5_kt_compare 381.Fn krb5_kt_compare
382is used, so the wildcard rules applies to the argument of 382is used, so the wildcard rules applies to the argument of
383.F krb5_kt_get_entry 383.Fn krb5_kt_get_entry
384too. 384too.
385On success the returne entry must be freed with 385On success the returne entry must be freed with
386.Fn krb5_kt_free_entry . 386.Fn krb5_kt_free_entry .
387Returns 0 or an error. 387Returns 0 or an error.
388.Pp 388.Pp
389.Fn krb5_kt_read_service_key 389.Fn krb5_kt_read_service_key
390reads the key identified by 390reads the key identified by
391.Fa ( principal , 391.Fa ( principal ,
392.Fa vno , 392.Fa vno ,
393.Fa enctype ) 393.Fa enctype )
394from the keytab in 394from the keytab in
395.Fa keyprocarg 395.Fa keyprocarg
396(the system default keytab if  396(the system default keytab if

cvs diff -r1.21.4.1 -r1.21.4.1.4.1 src/crypto/dist/ipsec-tools/src/racoon/handler.c (expand / switch to unified diff)

--- src/crypto/dist/ipsec-tools/src/racoon/handler.c 2009/02/08 18:42:16 1.21.4.1
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.c 2010/04/21 05:17:36 1.21.4.1.4.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: handler.c,v 1.21.4.1 2009/02/08 18:42:16 snj Exp $ */ 1/* $NetBSD: handler.c,v 1.21.4.1.4.1 2010/04/21 05:17:36 matt Exp $ */
2 2
3/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */ 3/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 *  8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -468,27 +468,27 @@ getph2byseq(seq) @@ -468,27 +468,27 @@ getph2byseq(seq)
468 return NULL; 468 return NULL;
469} 469}
470 470
471/* 471/*
472 * search ph2handle with message id. 472 * search ph2handle with message id.
473 */ 473 */
474struct ph2handle * 474struct ph2handle *
475getph2bymsgid(iph1, msgid) 475getph2bymsgid(iph1, msgid)
476 struct ph1handle *iph1; 476 struct ph1handle *iph1;
477 u_int32_t msgid; 477 u_int32_t msgid;
478{ 478{
479 struct ph2handle *p; 479 struct ph2handle *p;
480 480
481 LIST_FOREACH(p, &ph2tree, chain) { 481 LIST_FOREACH(p, &iph1->ph2tree, ph1bind) {
482 if (p->msgid == msgid) 482 if (p->msgid == msgid)
483 return p; 483 return p;
484 } 484 }
485 485
486 return NULL; 486 return NULL;
487} 487}
488 488
489struct ph2handle * 489struct ph2handle *
490getph2byid(src, dst, spid) 490getph2byid(src, dst, spid)
491 struct sockaddr *src, *dst; 491 struct sockaddr *src, *dst;
492 u_int32_t spid; 492 u_int32_t spid;
493{ 493{
494 struct ph2handle *p; 494 struct ph2handle *p;
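Review bot: `getph2bymsgid` now dereferences `iph1` in `LIST_FOREACH(p, &iph1->ph2tree, ph1bind)` with no guard, so a caller that passes a NULL phase 1 handle would crash here, where the old walk of the global `ph2tree` never touched it. Scoping the lookup to the owning phase 1 also means a phase 2 handle not yet bound to `iph1` is no longer found by message id; the callers are outside this hunk, so confirm none of them relies on that. Consider adding `if (iph1 == NULL) return NULL;` before the loop. The header comment could then read `search ph2handle with message id, among the phase 2 handles bound to iph1.`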

cvs diff -r1.42.4.1 -r1.42.4.1.4.1 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c (expand / switch to unified diff)

--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c 2009/02/08 18:42:16 1.42.4.1
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c 2010/04/21 05:17:36 1.42.4.1.4.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: isakmp.c,v 1.42.4.1 2009/02/08 18:42:16 snj Exp $ */ 1/* $NetBSD: isakmp.c,v 1.42.4.1.4.1 2010/04/21 05:17:36 matt Exp $ */
2 2
3/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ 3/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 *  8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -3076,26 +3076,36 @@ script_hook(iph1, script) @@ -3076,26 +3076,36 @@ script_hook(iph1, script)
3076 plog(LLV_ERROR, LOCATION, NULL,  3076 plog(LLV_ERROR, LOCATION, NULL,
3077 "Cannot set REMOTE_ADDR\n"); 3077 "Cannot set REMOTE_ADDR\n");
3078 goto out; 3078 goto out;
3079 } 3079 }
3080 3080
3081 if (script_env_append(&envp, &envc,  3081 if (script_env_append(&envp, &envc,
3082 "REMOTE_PORT", portstr) != 0) { 3082 "REMOTE_PORT", portstr) != 0) {
3083 plog(LLV_ERROR, LOCATION, NULL,  3083 plog(LLV_ERROR, LOCATION, NULL,
3084 "Cannot set REMOTEL_PORT\n"); 3084 "Cannot set REMOTEL_PORT\n");
3085 goto out; 3085 goto out;
3086 } 3086 }
3087 } 3087 }
3088 3088
 3089 /* Peer identity. */
 3090 if (iph1->id_p != NULL) {
 3091 if (script_env_append(&envp, &envc, "REMOTE_ID",
 3092 ipsecdoi_id2str(iph1->id_p)) != 0) {
 3093 plog(LLV_ERROR, LOCATION, NULL,
 3094 "Cannot set REMOTE_ID\n");
 3095 goto out;
 3096 }
 3097 }
 3098
3089 if (privsep_script_exec(iph1->rmconf->script[script]->v,  3099 if (privsep_script_exec(iph1->rmconf->script[script]->v,
3090 script, envp) != 0)  3100 script, envp) != 0)
3091 plog(LLV_ERROR, LOCATION, NULL,  3101 plog(LLV_ERROR, LOCATION, NULL,
3092 "Script %s execution failed\n", script_names[script]); 3102 "Script %s execution failed\n", script_names[script]);
3093 3103
3094out: 3104out:
3095 for (c = envp; *c; c++) 3105 for (c = envp; *c; c++)
3096 racoon_free(*c); 3106 racoon_free(*c);
3097 3107
3098 racoon_free(envp); 3108 racoon_free(envp);
3099 3109
3100 return; 3110 return;
3101} 3111}
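Review bot: The new `REMOTE_ID` block passes the result of `ipsecdoi_id2str(iph1->id_p)` straight into `script_env_append`, so it is never checked for NULL and the caller keeps no pointer with which to release it. Neither helper is visible in this hunk, so this is an inference: if `ipsecdoi_id2str` returns a heap buffer owned by the caller and `script_env_append` copies its value, every hook invocation leaks that buffer, and an allocation failure would hand NULL to the append. Holding the string in a local, checking it and freeing it after the append, as sketched below, closes both. The value is also supplied by the peer, so a comment such as `/* Peer identity: peer-supplied, scripts must treat it as untrusted. */` would help script authors. `script_hook` begins outside this hunk.

```c
	/* Peer identity: peer-supplied, scripts must treat it as untrusted. */
	if (iph1->id_p != NULL) {
		char *idstr;
		int error;

		idstr = ipsecdoi_id2str(iph1->id_p);
		if (idstr == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Cannot format REMOTE_ID\n");
			goto out;
		}
		error = script_env_append(&envp, &envc, "REMOTE_ID", idstr);
		racoon_free(idstr);
		if (error != 0) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Cannot set REMOTE_ID\n");
			goto out;
		}
	}
	/* … unchanged: privsep_script_exec call and cleanup at out: … */
```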

cvs diff -r1.46.4.1 -r1.46.4.1.4.1 src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 (expand / switch to unified diff)

--- src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 2009/02/08 18:42:18 1.46.4.1
+++ src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 2010/04/21 05:17:36 1.46.4.1.4.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1.\" $NetBSD: racoon.conf.5,v 1.46.4.1 2009/02/08 18:42:18 snj Exp $ 1.\" $NetBSD: racoon.conf.5,v 1.46.4.1.4.1 2010/04/21 05:17:36 matt Exp $
2.\" 2.\"
3.\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp 3.\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
4.\" 4.\"
5.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6.\" All rights reserved. 6.\" All rights reserved.
7.\" 7.\"
8.\" Redistribution and use in source and binary forms, with or without 8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions 9.\" modification, are permitted provided that the following conditions
10.\" are met: 10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright 11.\" 1. Redistributions of source code must retain the above copyright
12.\" notice, this list of conditions and the following disclaimer. 12.\" notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\" notice, this list of conditions and the following disclaimer in the 14.\" notice, this list of conditions and the following disclaimer in the
@@ -564,26 +564,28 @@ Both scripts get either @@ -564,26 +564,28 @@ Both scripts get either
564or 564or
565.Ic phase1_down 565.Ic phase1_down
566as first argument, and the following 566as first argument, and the following
567variables are set in their environment: 567variables are set in their environment:
568.Bl -tag -width Ds -compact 568.Bl -tag -width Ds -compact
569.It Ev LOCAL_ADDR 569.It Ev LOCAL_ADDR
570The local address of the phase 1 SA. 570The local address of the phase 1 SA.
571.It Ev LOCAL_PORT 571.It Ev LOCAL_PORT
572The local port used for IKE for the phase 1 SA. 572The local port used for IKE for the phase 1 SA.
573.It Ev REMOTE_ADDR 573.It Ev REMOTE_ADDR
574The remote address of the phase 1 SA. 574The remote address of the phase 1 SA.
575.It Ev REMOTE_PORT 575.It Ev REMOTE_PORT
576The remote port used for IKE for the phase 1 SA. 576The remote port used for IKE for the phase 1 SA.
 577.It Ev REMOTE_ID
 578The remote identity received in IKE for the phase 1 SA.
577.El 579.El
578The following variables are only set if 580The following variables are only set if
579.Ic mode_cfg 581.Ic mode_cfg
580was enabled: 582was enabled:
581.Bl -tag -width Ds -compact 583.Bl -tag -width Ds -compact
582.It INTERNAL_ADDR4 584.It INTERNAL_ADDR4
583An IPv4 internal address obtained by ISAKMP mode config. 585An IPv4 internal address obtained by ISAKMP mode config.
584.It INTERNAL_NETMASK4 586.It INTERNAL_NETMASK4
585An IPv4 internal netmask obtained by ISAKMP mode config. 587An IPv4 internal netmask obtained by ISAKMP mode config.
586.It INTERNAL_CIDR4 588.It INTERNAL_CIDR4
587An IPv4 internal netmask obtained by ISAKMP mode config, in CIDR notation. 589An IPv4 internal netmask obtained by ISAKMP mode config, in CIDR notation.
588.It INTERNAL_DNS4 590.It INTERNAL_DNS4
589The first internal DNS server IPv4 address obtained by ISAKMP mode config. 591The first internal DNS server IPv4 address obtained by ISAKMP mode config.

cvs diff -r1.1.1.7 -r1.1.1.7.10.1 src/crypto/dist/openssl/crypto/comp/Attic/c_zlib.c (expand / switch to unified diff)

--- src/crypto/dist/openssl/crypto/comp/Attic/c_zlib.c 2008/05/09 21:34:23 1.1.1.7
+++ src/crypto/dist/openssl/crypto/comp/Attic/c_zlib.c 2010/04/21 05:17:37 1.1.1.7.10.1
@@ -126,35 +126,26 @@ static DSO *zlib_dso = NULL; @@ -126,35 +126,26 @@ static DSO *zlib_dso = NULL;
126#define deflate p_deflate 126#define deflate p_deflate
127#define deflateInit_ p_deflateInit_ 127#define deflateInit_ p_deflateInit_
128#define zError p_zError 128#define zError p_zError
129#endif /* ZLIB_SHARED */ 129#endif /* ZLIB_SHARED */
130 130
131struct zlib_state 131struct zlib_state
132 { 132 {
133 z_stream istream; 133 z_stream istream;
134 z_stream ostream; 134 z_stream ostream;
135 }; 135 };
136 136
137static int zlib_stateful_ex_idx = -1; 137static int zlib_stateful_ex_idx = -1;
138 138
139static void zlib_stateful_free_ex_data(void *obj, void *item, 
140 CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) 
141 { 
142 struct zlib_state *state = (struct zlib_state *)item; 
143 inflateEnd(&state->istream); 
144 deflateEnd(&state->ostream); 
145 OPENSSL_free(state); 
146 } 
147 
148static int zlib_stateful_init(COMP_CTX *ctx) 139static int zlib_stateful_init(COMP_CTX *ctx)
149 { 140 {
150 int err; 141 int err;
151 struct zlib_state *state = 142 struct zlib_state *state =
152 (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); 143 (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
153 144
154 if (state == NULL) 145 if (state == NULL)
155 goto err; 146 goto err;
156 147
157 state->istream.zalloc = zlib_zalloc; 148 state->istream.zalloc = zlib_zalloc;
158 state->istream.zfree = zlib_zfree; 149 state->istream.zfree = zlib_zfree;
159 state->istream.opaque = Z_NULL; 150 state->istream.opaque = Z_NULL;
160 state->istream.next_in = Z_NULL; 151 state->istream.next_in = Z_NULL;
@@ -178,26 +169,32 @@ static int zlib_stateful_init(COMP_CTX * @@ -178,26 +169,32 @@ static int zlib_stateful_init(COMP_CTX *
178 if (err != Z_OK) 169 if (err != Z_OK)
179 goto err; 170 goto err;
180 171
181 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); 172 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
182 CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state); 173 CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
183 return 1; 174 return 1;
184 err: 175 err:
185 if (state) OPENSSL_free(state); 176 if (state) OPENSSL_free(state);
186 return 0; 177 return 0;
187 } 178 }
188 179
189static void zlib_stateful_finish(COMP_CTX *ctx) 180static void zlib_stateful_finish(COMP_CTX *ctx)
190 { 181 {
 182 struct zlib_state *state =
 183 (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
 184 zlib_stateful_ex_idx);
 185 inflateEnd(&state->istream);
 186 deflateEnd(&state->ostream);
 187 OPENSSL_free(state);
191 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); 188 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
192 } 189 }
193 190
194static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, 191static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
195 unsigned int olen, unsigned char *in, unsigned int ilen) 192 unsigned int olen, unsigned char *in, unsigned int ilen)
196 { 193 {
197 int err = Z_OK; 194 int err = Z_OK;
198 struct zlib_state *state = 195 struct zlib_state *state =
199 (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, 196 (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
200 zlib_stateful_ex_idx); 197 zlib_stateful_ex_idx);
201 198
202 if (state == NULL) 199 if (state == NULL)
203 return -1; 200 return -1;
@@ -392,27 +389,27 @@ COMP_METHOD *COMP_zlib(void) @@ -392,27 +389,27 @@ COMP_METHOD *COMP_zlib(void)
392 if (zlib_loaded) 389 if (zlib_loaded)
393#endif 390#endif
394#if defined(ZLIB) || defined(ZLIB_SHARED) 391#if defined(ZLIB) || defined(ZLIB_SHARED)
395 { 392 {
396 /* init zlib_stateful_ex_idx here so that in a multi-process 393 /* init zlib_stateful_ex_idx here so that in a multi-process
397 * application it's enough to intialize openssl before forking 394 * application it's enough to intialize openssl before forking
398 * (idx will be inherited in all the children) */ 395 * (idx will be inherited in all the children) */
399 if (zlib_stateful_ex_idx == -1) 396 if (zlib_stateful_ex_idx == -1)
400 { 397 {
401 CRYPTO_w_lock(CRYPTO_LOCK_COMP); 398 CRYPTO_w_lock(CRYPTO_LOCK_COMP);
402 if (zlib_stateful_ex_idx == -1) 399 if (zlib_stateful_ex_idx == -1)
403 zlib_stateful_ex_idx = 400 zlib_stateful_ex_idx =
404 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, 401 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
405 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); 402 0,NULL,NULL,NULL,NULL);
406 CRYPTO_w_unlock(CRYPTO_LOCK_COMP); 403 CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
407 if (zlib_stateful_ex_idx == -1) 404 if (zlib_stateful_ex_idx == -1)
408 goto err; 405 goto err;
409 } 406 }
410  407
411 meth = &zlib_stateful_method; 408 meth = &zlib_stateful_method;
412 } 409 }
413err:  410err:
414#endif 411#endif
415 412
416 return(meth); 413 return(meth);
417 } 414 }
418 415
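Review bot: `zlib_stateful_finish` hands `state` to `inflateEnd` and `deflateEnd` without checking it, although `zlib_stateful_compress_block` just below treats a NULL return from `CRYPTO_get_ex_data` as possible and returns -1. Whether finish can run on a context whose init failed is not visible here, but the guard is cheap: wrap the three release calls in `if (state != NULL) { ... }` so that `CRYPTO_free_ex_data` still runs. Because the index is now registered with a NULL free callback in `COMP_zlib`, this function is the only place the zlib streams are released. A comment such as `/* ex_data has no free callback; streams must be torn down here. */` would record that for the next maintainer.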

cvs diff -r1.1.1.5.8.1 -r1.1.1.5.8.1.2.1 src/crypto/dist/openssl/crypto/evp/Attic/m_sha1.c (expand / switch to unified diff)

--- src/crypto/dist/openssl/crypto/evp/Attic/m_sha1.c 2009/07/14 19:35:22 1.1.1.5.8.1
+++ src/crypto/dist/openssl/crypto/evp/Attic/m_sha1.c 2010/04/21 05:17:37 1.1.1.5.8.1.2.1
@@ -148,40 +148,44 @@ static const EVP_MD sha256_md= @@ -148,40 +148,44 @@ static const EVP_MD sha256_md=
148 sizeof(EVP_MD *)+sizeof(SHA256_CTX), 148 sizeof(EVP_MD *)+sizeof(SHA256_CTX),
149 }; 149 };
150 150
151const EVP_MD *EVP_sha256(void) 151const EVP_MD *EVP_sha256(void)
152 { return(&sha256_md); } 152 { return(&sha256_md); }
153#endif /* ifndef OPENSSL_NO_SHA256 */ 153#endif /* ifndef OPENSSL_NO_SHA256 */
154 154
155#ifndef OPENSSL_NO_SHA512 155#ifndef OPENSSL_NO_SHA512
156static int init384(EVP_MD_CTX *ctx) 156static int init384(EVP_MD_CTX *ctx)
157 { return SHA384_Init(ctx->md_data); } 157 { return SHA384_Init(ctx->md_data); }
158static int init512(EVP_MD_CTX *ctx) 158static int init512(EVP_MD_CTX *ctx)
159 { return SHA512_Init(ctx->md_data); } 159 { return SHA512_Init(ctx->md_data); }
160/* See comment in SHA224/256 section */ 160/* See comment in SHA224/256 section */
 161static int update384(EVP_MD_CTX *ctx,const void *data,size_t count)
 162 { return SHA384_Update(ctx->md_data,data,count); }
161static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) 163static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
162 { return SHA512_Update(ctx->md_data,data,count); } 164 { return SHA512_Update(ctx->md_data,data,count); }
 165static int final384(EVP_MD_CTX *ctx,unsigned char *md)
 166 { return SHA384_Final(md,ctx->md_data); }
163static int final512(EVP_MD_CTX *ctx,unsigned char *md) 167static int final512(EVP_MD_CTX *ctx,unsigned char *md)
164 { return SHA512_Final(md,ctx->md_data); } 168 { return SHA512_Final(md,ctx->md_data); }
165 169
166static const EVP_MD sha384_md= 170static const EVP_MD sha384_md=
167 { 171 {
168 NID_sha384, 172 NID_sha384,
169 NID_sha384WithRSAEncryption, 173 NID_sha384WithRSAEncryption,
170 SHA384_DIGEST_LENGTH, 174 SHA384_DIGEST_LENGTH,
171 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, 175 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
172 init384, 176 init384,
173 update512, 177 update384,
174 final512, 178 final384,
175 NULL, 179 NULL,
176 NULL, 180 NULL,
177 EVP_PKEY_RSA_method, 181 EVP_PKEY_RSA_method,
178 SHA512_CBLOCK, 182 SHA512_CBLOCK,
179 sizeof(EVP_MD *)+sizeof(SHA512_CTX), 183 sizeof(EVP_MD *)+sizeof(SHA512_CTX),
180 }; 184 };
181 185
182const EVP_MD *EVP_sha384(void) 186const EVP_MD *EVP_sha384(void)
183 { return(&sha384_md); } 187 { return(&sha384_md); }
184 188
185static const EVP_MD sha512_md= 189static const EVP_MD sha512_md=
186 { 190 {
187 NID_sha512, 191 NID_sha512,
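Review bot: Nothing near the new `update384`/`final384` wrappers explains why `sha384_md` keeps `SHA512_CBLOCK` and `sizeof(SHA512_CTX)` while its callbacks are now the SHA384 ones; the only comment is the existing `/* See comment in SHA224/256 section */`, which points outside this hunk. A short comment above `sha384_md` would stop a later reader from "correcting" the sizes, for example `/* SHA-384 runs on a SHA512_CTX; only init/update/final are per-algorithm */`. That wording follows from `init384` and `update384`, which operate on `ctx->md_data` sized by `sizeof(SHA512_CTX)`. The hunk ends inside the `sha512_md` initializer.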

cvs diff -r1.1.1.12 -r1.1.1.12.10.1 src/crypto/dist/openssl/ssl/Attic/s3_enc.c

--- src/crypto/dist/openssl/ssl/Attic/s3_enc.c 2008/05/09 21:34:44 1.1.1.12
+++ src/crypto/dist/openssl/ssl/Attic/s3_enc.c 2010/04/21 05:17:37 1.1.1.12.10.1
@@ -560,27 +560,27 @@ void ssl3_free_digest_list(SSL *s)  @@ -560,27 +560,27 @@ void ssl3_free_digest_list(SSL *s)
560 } 560 }
561 OPENSSL_free(s->s3->handshake_dgst); 561 OPENSSL_free(s->s3->handshake_dgst);
562 s->s3->handshake_dgst=NULL; 562 s->s3->handshake_dgst=NULL;
563 }  563 }
564  564
565 565
566 566
567void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) 567void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
568 { 568 {
569 if (s->s3->handshake_buffer)  569 if (s->s3->handshake_buffer)
570 { 570 {
571 BIO_write (s->s3->handshake_buffer,(void *)buf,len); 571 BIO_write (s->s3->handshake_buffer,(void *)buf,len);
572 }  572 }
573 else  573 else if (s->s3->handshake_dgst != NULL)
574 { 574 {
575 int i; 575 int i;
576 for (i=0;i< SSL_MAX_DIGEST;i++)  576 for (i=0;i< SSL_MAX_DIGEST;i++)
577 { 577 {
578 if (s->s3->handshake_dgst[i]!= NULL) 578 if (s->s3->handshake_dgst[i]!= NULL)
579 EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); 579 EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len);
580 } 580 }
581 }  581 }
582 } 582 }
583void ssl3_digest_cached_records(SSL *s) 583void ssl3_digest_cached_records(SSL *s)
584 { 584 {
585 int i; 585 int i;
586 long mask; 586 long mask;
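Review bot: With the new `else if (s->s3->handshake_dgst != NULL)` in `ssl3_finish_mac`, a call made when both `handshake_buffer` and `handshake_dgst` are NULL returns without recording `buf` anywhere, and the `void` signature gives the caller no sign that handshake bytes were left out of the transcript. The t1_enc.c change in this commit makes `tls1_final_finish_mac` set `err` when `handshake_dgst` is NULL, so the gap is presumably caught later. That dependency deserves a comment at the new branch, for example `/* neither buffer nor digests exist: bytes are dropped; the finish-MAC code must fail on a NULL handshake_dgst */`. The results of `BIO_write` and `EVP_DigestUpdate` are ignored in both branches. The hunk ends inside `ssl3_digest_cached_records`, which is not reviewed here.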

cvs diff -r1.1.1.12 -r1.1.1.12.10.1 src/crypto/dist/openssl/ssl/Attic/t1_enc.c

--- src/crypto/dist/openssl/ssl/Attic/t1_enc.c 2008/05/09 21:34:46 1.1.1.12
+++ src/crypto/dist/openssl/ssl/Attic/t1_enc.c 2010/04/21 05:17:37 1.1.1.12.10.1
@@ -740,34 +740,36 @@ int tls1_enc(SSL *s, int send) @@ -740,34 +740,36 @@ int tls1_enc(SSL *s, int send)
740 rec->length-=i; 740 rec->length-=i;
741 } 741 }
742 } 742 }
743 return(1); 743 return(1);
744 } 744 }
745int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) 745int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
746 { 746 {
747 unsigned int ret; 747 unsigned int ret;
748 EVP_MD_CTX ctx, *d=NULL; 748 EVP_MD_CTX ctx, *d=NULL;
749 int i; 749 int i;
750 750
751 if (s->s3->handshake_buffer)  751 if (s->s3->handshake_buffer)
752 ssl3_digest_cached_records(s); 752 ssl3_digest_cached_records(s);
753 for (i=0;i<SSL_MAX_DIGEST;i++)  753 if (s->s3->handshake_dgst) {
754 { 754 for (i=0;i<SSL_MAX_DIGEST;i++)
755 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)  755 {
756 { 756 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
757 d=s->s3->handshake_dgst[i]; 757 {
758 break; 758 d=s->s3->handshake_dgst[i];
 759 break;
 760 }
759 } 761 }
760 } 762 }
761 if (!d) { 763 if (!d) {
762 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST); 764 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
763 return 0; 765 return 0;
764 }  766 }
765 767
766 EVP_MD_CTX_init(&ctx); 768 EVP_MD_CTX_init(&ctx);
767 EVP_MD_CTX_copy_ex(&ctx,d); 769 EVP_MD_CTX_copy_ex(&ctx,d);
768 EVP_DigestFinal_ex(&ctx,out,&ret); 770 EVP_DigestFinal_ex(&ctx,out,&ret);
769 EVP_MD_CTX_cleanup(&ctx); 771 EVP_MD_CTX_cleanup(&ctx);
770 return((int)ret); 772 return((int)ret);
771 } 773 }
772 774
773int tls1_final_finish_mac(SSL *s, 775int tls1_final_finish_mac(SSL *s,
@@ -784,27 +786,28 @@ int tls1_final_finish_mac(SSL *s, @@ -784,27 +786,28 @@ int tls1_final_finish_mac(SSL *s,
784 786
785 q=buf; 787 q=buf;
786 788
787 EVP_MD_CTX_init(&ctx); 789 EVP_MD_CTX_init(&ctx);
788 790
789 if (s->s3->handshake_buffer)  791 if (s->s3->handshake_buffer)
790 ssl3_digest_cached_records(s); 792 ssl3_digest_cached_records(s);
791 793
792 for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) 794 for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
793 { 795 {
794 if (mask & s->s3->tmp.new_cipher->algorithm2) 796 if (mask & s->s3->tmp.new_cipher->algorithm2)
795 { 797 {
796 unsigned int hashsize = EVP_MD_size(md); 798 unsigned int hashsize = EVP_MD_size(md);
797 if (hashsize > (sizeof buf - (size_t)(q-buf))) 799 if (hashsize > (sizeof buf - (size_t)(q-buf)) ||
 800 s->s3->handshake_dgst == NULL)
798 { 801 {
799 /* internal error: 'buf' is too small for this cipersuite! */ 802 /* internal error: 'buf' is too small for this cipersuite! */
800 err = 1; 803 err = 1;
801 } 804 }
802 else 805 else
803 { 806 {
804 EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); 807 EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
805 EVP_DigestFinal_ex(&ctx,q,&i); 808 EVP_DigestFinal_ex(&ctx,q,&i);
806 if (i != hashsize) /* can't really happen */ 809 if (i != hashsize) /* can't really happen */
807 err = 1; 810 err = 1;
808 q+=i; 811 q+=i;
809 } 812 }
810 } 813 }
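Review bot: In `tls1_final_finish_mac` the added test covers only the array pointer `s->s3->handshake_dgst`; the entry `s->s3->handshake_dgst[idx]` is still passed to `EVP_MD_CTX_copy_ex` unchecked, whereas `ssl3_finish_mac` in s3_enc.c tests each entry for NULL before use. Whether a selected entry can be NULL depends on `ssl3_digest_cached_records`, which is not shown, so the cheap fix is to extend the condition to `s->s3->handshake_dgst == NULL || s->s3->handshake_dgst[idx] == NULL)`. The comment inside that branch still says `'buf' is too small`, which no longer describes every way into it. The function body starts and ends outside the hunk.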

cvs diff -r1.14 -r1.14.10.1 src/crypto/dist/openssl/ssl/Attic/s3_lib.c

--- src/crypto/dist/openssl/ssl/Attic/s3_lib.c 2008/06/10 19:45:00 1.14
+++ src/crypto/dist/openssl/ssl/Attic/s3_lib.c 2010/04/21 05:17:37 1.14.10.1
@@ -3279,26 +3279,29 @@ int ssl3_read(SSL *s, void *buf, int len @@ -3279,26 +3279,29 @@ int ssl3_read(SSL *s, void *buf, int len
3279int ssl3_peek(SSL *s, void *buf, int len) 3279int ssl3_peek(SSL *s, void *buf, int len)
3280 { 3280 {
3281 return ssl3_read_internal(s, buf, len, 1); 3281 return ssl3_read_internal(s, buf, len, 1);
3282 } 3282 }
3283 3283
3284int ssl3_renegotiate(SSL *s) 3284int ssl3_renegotiate(SSL *s)
3285 { 3285 {
3286 if (s->handshake_func == NULL) 3286 if (s->handshake_func == NULL)
3287 return(1); 3287 return(1);
3288 3288
3289 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 3289 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3290 return(0); 3290 return(0);
3291 3291
 3292 if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 3293 return(0);
 3294
3292 s->s3->renegotiate=1; 3295 s->s3->renegotiate=1;
3293 return(1); 3296 return(1);
3294 } 3297 }
3295 3298
3296int ssl3_renegotiate_check(SSL *s) 3299int ssl3_renegotiate_check(SSL *s)
3297 { 3300 {
3298 int ret=0; 3301 int ret=0;
3299 3302
3300 if (s->s3->renegotiate) 3303 if (s->s3->renegotiate)
3301 { 3304 {
3302 if ( (s->s3->rbuf.left == 0) && 3305 if ( (s->s3->rbuf.left == 0) &&
3303 (s->s3->wbuf.left == 0) && 3306 (s->s3->wbuf.left == 0) &&
3304 !SSL_in_init(s)) 3307 !SSL_in_init(s))
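Review bot: `ssl3_renegotiate` now returns 0 whenever `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` is clear, the same value it returns for `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS`, and no error is queued, so a caller cannot tell the new policy refusal from the older case. The default-deny behaviour should be stated at the check, for example `/* renegotiation is refused unless the application has set SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION */`. The call in s3_pkt.c ignores this return value, which is safe only because that site tests the same flag first. The hunk ends inside `ssl3_renegotiate_check`.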

cvs diff -r1.9.8.1 -r1.9.8.1.2.1 src/crypto/dist/openssl/ssl/Attic/s3_pkt.c

--- src/crypto/dist/openssl/ssl/Attic/s3_pkt.c 2009/07/05 00:31:20 1.9.8.1
+++ src/crypto/dist/openssl/ssl/Attic/s3_pkt.c 2010/04/21 05:17:37 1.9.8.1.2.1
@@ -303,29 +303,29 @@ again: @@ -303,29 +303,29 @@ again:
303 ssl_minor= *(p++); 303 ssl_minor= *(p++);
304 version=(ssl_major<<8)|ssl_minor; 304 version=(ssl_major<<8)|ssl_minor;
305 n2s(p,rr->length); 305 n2s(p,rr->length);
306#if 0 306#if 0
307fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); 307fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
308#endif 308#endif
309 309
310 /* Lets check version */ 310 /* Lets check version */
311 if (!s->first_packet) 311 if (!s->first_packet)
312 { 312 {
313 if (version != s->version) 313 if (version != s->version)
314 { 314 {
315 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 315 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
316 /* Send back error using their 316 if ((s->version & 0xFF00) == (version & 0xFF00))
317 * version number :-) */ 317 /* Send back error using their minor version number :-) */
318 s->version=version; 318 s->version = (unsigned short)version;
319 al=SSL_AD_PROTOCOL_VERSION; 319 al=SSL_AD_PROTOCOL_VERSION;
320 goto f_err; 320 goto f_err;
321 } 321 }
322 } 322 }
323 323
324 if ((version>>8) != SSL3_VERSION_MAJOR) 324 if ((version>>8) != SSL3_VERSION_MAJOR)
325 { 325 {
326 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 326 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
327 goto err; 327 goto err;
328 } 328 }
329 329
330 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) 330 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
331 { 331 {
@@ -1031,26 +1031,27 @@ start: @@ -1031,26 +1031,27 @@ start:
1031 (s->s3->handshake_fragment[2] != 0) || 1031 (s->s3->handshake_fragment[2] != 0) ||
1032 (s->s3->handshake_fragment[3] != 0)) 1032 (s->s3->handshake_fragment[3] != 0))
1033 { 1033 {
1034 al=SSL_AD_DECODE_ERROR; 1034 al=SSL_AD_DECODE_ERROR;
1035 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); 1035 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1036 goto f_err; 1036 goto f_err;
1037 } 1037 }
1038 1038
1039 if (s->msg_callback) 1039 if (s->msg_callback)
1040 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); 1040 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
1041 1041
1042 if (SSL_is_init_finished(s) && 1042 if (SSL_is_init_finished(s) &&
1043 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1043 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 1044 (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
1044 !s->s3->renegotiate) 1045 !s->s3->renegotiate)
1045 { 1046 {
1046 ssl3_renegotiate(s); 1047 ssl3_renegotiate(s);
1047 if (ssl3_renegotiate_check(s)) 1048 if (ssl3_renegotiate_check(s))
1048 { 1049 {
1049 i=s->handshake_func(s); 1050 i=s->handshake_func(s);
1050 if (i < 0) return(i); 1051 if (i < 0) return(i);
1051 if (i == 0) 1052 if (i == 0)
1052 { 1053 {
1053 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1054 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1054 return(-1); 1055 return(-1);
1055 } 1056 }
1056 1057
@@ -1163,27 +1164,28 @@ start: @@ -1163,27 +1164,28 @@ start:
1163 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); 1164 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1164 1165
1165 s->s3->change_cipher_spec=1; 1166 s->s3->change_cipher_spec=1;
1166 if (!ssl3_do_change_cipher_spec(s)) 1167 if (!ssl3_do_change_cipher_spec(s))
1167 goto err; 1168 goto err;
1168 else 1169 else
1169 goto start; 1170 goto start;
1170 } 1171 }
1171 1172
1172 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1173 /* Unexpected handshake message (Client Hello, or protocol violation) */
1173 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) 1174 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1174 { 1175 {
1175 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1176 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1176 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1177 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 1178 (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1177 { 1179 {
1178#if 0 /* worked only because C operator preferences are not as expected (and 1180#if 0 /* worked only because C operator preferences are not as expected (and
1179 * because this is not really needed for clients except for detecting 1181 * because this is not really needed for clients except for detecting
1180 * protocol violations): */ 1182 * protocol violations): */
1181 s->state=SSL_ST_BEFORE|(s->server) 1183 s->state=SSL_ST_BEFORE|(s->server)
1182 ?SSL_ST_ACCEPT 1184 ?SSL_ST_ACCEPT
1183 :SSL_ST_CONNECT; 1185 :SSL_ST_CONNECT;
1184#else 1186#else
1185 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1187 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1186#endif 1188#endif
1187 s->new_session=1; 1189 s->new_session=1;
1188 } 1190 }
1189 i=s->handshake_func(s); 1191 i=s->handshake_func(s);
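Review bot: In the third hunk the new `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` clause only skips the state reset and `s->new_session=1`; control still reaches `i=s->handshake_func(s);` with the connection left in its established state. The refusal added to `ssl3_get_client_hello` in s3_srvr.c is keyed on `s->new_session`, so on this path it would not fire unless `new_session` is set somewhere the hunk does not show. Rejecting before the `handshake_func` call, when the state is `SSL_ST_OK` and the flag is clear, would make the policy explicit: `al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); goto f_err;`. Check first how `handshake_func` treats the message in that state, since that code is not visible here. The enclosing function starts and ends outside the hunk.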

cvs diff -r1.15.4.1 -r1.15.4.1.4.1 src/crypto/dist/openssl/ssl/Attic/s3_srvr.c

--- src/crypto/dist/openssl/ssl/Attic/s3_srvr.c 2009/01/20 21:28:09 1.15.4.1
+++ src/crypto/dist/openssl/ssl/Attic/s3_srvr.c 2010/04/21 05:17:37 1.15.4.1.4.1
@@ -522,32 +522,34 @@ int ssl3_accept(SSL *s) @@ -522,32 +522,34 @@ int ssl3_accept(SSL *s)
522 { 522 {
523 int offset=0; 523 int offset=0;
524 int dgst_num; 524 int dgst_num;
525 s->state=SSL3_ST_SR_CERT_VRFY_A; 525 s->state=SSL3_ST_SR_CERT_VRFY_A;
526 s->init_num=0; 526 s->init_num=0;
527 527
528 /* We need to get hashes here so if there is 528 /* We need to get hashes here so if there is
529 * a client cert, it can be verified 529 * a client cert, it can be verified
530 * FIXME - digest processing for CertificateVerify 530 * FIXME - digest processing for CertificateVerify
531 * should be generalized. But it is next step 531 * should be generalized. But it is next step
532 */ 532 */
533 if (s->s3->handshake_buffer) 533 if (s->s3->handshake_buffer)
534 ssl3_digest_cached_records(s); 534 ssl3_digest_cached_records(s);
535 for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)  535 if (s->s3->handshake_dgst != NULL) {
536 if (s->s3->handshake_dgst[dgst_num])  536 for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
537 { 537 if (s->s3->handshake_dgst[dgst_num])
538 s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset])); 538 {
539 offset+=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); 539 s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
540 }  540 offset+=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
 541 }
 542 }
541 } 543 }
542 break; 544 break;
543 545
544 case SSL3_ST_SR_CERT_VRFY_A: 546 case SSL3_ST_SR_CERT_VRFY_A:
545 case SSL3_ST_SR_CERT_VRFY_B: 547 case SSL3_ST_SR_CERT_VRFY_B:
546 548
547 /* we should decide if we expected this one */ 549 /* we should decide if we expected this one */
548 ret=ssl3_get_cert_verify(s); 550 ret=ssl3_get_cert_verify(s);
549 if (ret <= 0) goto end; 551 if (ret <= 0) goto end;
550 552
551 s->state=SSL3_ST_SR_FINISHED_A; 553 s->state=SSL3_ST_SR_FINISHED_A;
552 s->init_num=0; 554 s->init_num=0;
553 break; 555 break;
@@ -753,26 +755,34 @@ int ssl3_check_client_hello(SSL *s) @@ -753,26 +755,34 @@ int ssl3_check_client_hello(SSL *s)
753int ssl3_get_client_hello(SSL *s) 755int ssl3_get_client_hello(SSL *s)
754 { 756 {
755 int i,j,ok,al,ret= -1; 757 int i,j,ok,al,ret= -1;
756 unsigned int cookie_len; 758 unsigned int cookie_len;
757 long n; 759 long n;
758 unsigned long id; 760 unsigned long id;
759 unsigned char *p,*d,*q; 761 unsigned char *p,*d,*q;
760 SSL_CIPHER *c; 762 SSL_CIPHER *c;
761#ifndef OPENSSL_NO_COMP 763#ifndef OPENSSL_NO_COMP
762 SSL_COMP *comp=NULL; 764 SSL_COMP *comp=NULL;
763#endif 765#endif
764 STACK_OF(SSL_CIPHER) *ciphers=NULL; 766 STACK_OF(SSL_CIPHER) *ciphers=NULL;
765 767
 768 if (s->new_session
 769 && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 770 {
 771 al=SSL_AD_HANDSHAKE_FAILURE;
 772 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
 773 goto f_err;
 774 }
 775
766 /* We do this so that we will respond with our native type. 776 /* We do this so that we will respond with our native type.
767 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, 777 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
768 * This down switching should be handled by a different method. 778 * This down switching should be handled by a different method.
769 * If we are SSLv3, we will respond with SSLv3, even if prompted with 779 * If we are SSLv3, we will respond with SSLv3, even if prompted with
770 * TLSv1. 780 * TLSv1.
771 */ 781 */
772 if (s->state == SSL3_ST_SR_CLNT_HELLO_A) 782 if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
773 { 783 {
774 s->state=SSL3_ST_SR_CLNT_HELLO_B; 784 s->state=SSL3_ST_SR_CLNT_HELLO_B;
775 } 785 }
776 s->first_packet=1; 786 s->first_packet=1;
777 n=s->method->ssl_get_message(s, 787 n=s->method->ssl_get_message(s,
778 SSL3_ST_SR_CLNT_HELLO_B, 788 SSL3_ST_SR_CLNT_HELLO_B,
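Review bot: In the `ssl3_accept` hunk, a NULL `s->s3->handshake_dgst` now skips the loop and leaves `s->s3->tmp.cert_verify_md` unfilled, yet the state has already been set to `SSL3_ST_SR_CERT_VRFY_A`, where `ssl3_get_cert_verify` runs. If that state is reachable with a client certificate present (the code deciding this is outside the hunk), failing the handshake is safer than continuing with stale hash data, for example `else { ret= -1; goto end; }` on the new `if`. In `ssl3_get_client_hello` the refusal is reported as `ERR_R_INTERNAL_ERROR`, which reads as a library fault rather than a policy decision. A comment such as `/* renegotiation attempt while legacy renegotiation is disabled */` above that check would help whoever reads the error queue. Both functions continue outside their hunks.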

cvs diff -r1.13 -r1.13.10.1 src/crypto/dist/openssl/ssl/Attic/ssl_locl.h

--- src/crypto/dist/openssl/ssl/Attic/ssl_locl.h 2008/06/10 19:45:00 1.13
+++ src/crypto/dist/openssl/ssl/Attic/ssl_locl.h 2010/04/21 05:17:37 1.13.10.1
@@ -440,26 +440,28 @@ @@ -440,26 +440,28 @@
440#define CERT_PUBLIC_KEY 1 440#define CERT_PUBLIC_KEY 1
441#define CERT_PRIVATE_KEY 2 441#define CERT_PRIVATE_KEY 2
442*/ 442*/
443 443
444#ifndef OPENSSL_NO_EC 444#ifndef OPENSSL_NO_EC
445/* From ECC-TLS draft, used in encoding the curve type in  445/* From ECC-TLS draft, used in encoding the curve type in
446 * ECParameters 446 * ECParameters
447 */ 447 */
448#define EXPLICIT_PRIME_CURVE_TYPE 1  448#define EXPLICIT_PRIME_CURVE_TYPE 1
449#define EXPLICIT_CHAR2_CURVE_TYPE 2 449#define EXPLICIT_CHAR2_CURVE_TYPE 2
450#define NAMED_CURVE_TYPE 3 450#define NAMED_CURVE_TYPE 3
451#endif /* OPENSSL_NO_EC */ 451#endif /* OPENSSL_NO_EC */
452 452
 453#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
 454
453typedef struct cert_pkey_st 455typedef struct cert_pkey_st
454 { 456 {
455 X509 *x509; 457 X509 *x509;
456 EVP_PKEY *privatekey; 458 EVP_PKEY *privatekey;
457 } CERT_PKEY; 459 } CERT_PKEY;
458 460
459typedef struct cert_st 461typedef struct cert_st
460 { 462 {
461 /* Current active set */ 463 /* Current active set */
462 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array 464 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
463 * Probably it would make more sense to store 465 * Probably it would make more sense to store
464 * an index, not a pointer. */ 466 * an index, not a pointer. */
465  467
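Review bot: `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` is defined without a comment and in the library-private `ssl_locl.h`, although it is tested against `s->s3->flags` alongside `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS`, whose definition is not in this hunk. Two things are worth confirming: that `0x0010` does not collide with any bit already used in `s->s3->flags`, and that an application which must opt in can name the flag from a public header. A comment on the define would record the contract, for example `/* s->s3->flags bit; when clear, ssl3_renegotiate() and ssl3_get_client_hello() refuse renegotiation */`.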

cvs diff -r1.21.8.1 -r1.21.8.1.2.1 src/crypto/dist/ssh/Attic/cipher.c

--- src/crypto/dist/ssh/Attic/cipher.c 2009/06/29 23:01:24 1.21.8.1
+++ src/crypto/dist/ssh/Attic/cipher.c 2010/04/21 05:17:37 1.21.8.1.2.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: cipher.c,v 1.21.8.1 2009/06/29 23:01:24 snj Exp $ */ 1/* $NetBSD: cipher.c,v 1.21.8.1.2.1 2010/04/21 05:17:37 matt Exp $ */
2/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */ 2/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved 6 * All rights reserved
7 * 7 *
8 * As far as I am concerned, the code I have written for this software 8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this 9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is 10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be 11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell". 12 * called by a name other than "ssh" or "Secure Shell".
13 * 13 *
14 * 14 *
@@ -27,27 +27,27 @@ @@ -27,27 +27,27 @@
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40__RCSID("$NetBSD: cipher.c,v 1.21.8.1 2009/06/29 23:01:24 snj Exp $"); 40__RCSID("$NetBSD: cipher.c,v 1.21.8.1.2.1 2010/04/21 05:17:37 matt Exp $");
41#include <sys/types.h> 41#include <sys/types.h>
42 42
43#include <openssl/md5.h> 43#include <openssl/md5.h>
44 44
45#include <string.h> 45#include <string.h>
46#include <stdarg.h> 46#include <stdarg.h>
47 47
48#include "xmalloc.h" 48#include "xmalloc.h"
49#include "log.h" 49#include "log.h"
50#include "cipher.h" 50#include "cipher.h"
51 51
52extern const EVP_CIPHER *evp_ssh1_bf(void); 52extern const EVP_CIPHER *evp_ssh1_bf(void);
53extern const EVP_CIPHER *evp_ssh1_3des(void); 53extern const EVP_CIPHER *evp_ssh1_3des(void);

cvs diff -r1.2.28.1 -r1.2.28.1.2.1 src/crypto/dist/ssh/Attic/cipher.h

--- src/crypto/dist/ssh/Attic/cipher.h 2009/06/29 23:01:24 1.2.28.1
+++ src/crypto/dist/ssh/Attic/cipher.h 2010/04/21 05:17:37 1.2.28.1.2.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: cipher.h,v 1.2.28.1 2009/06/29 23:01:24 snj Exp $ */ 1/* $NetBSD: cipher.h,v 1.2.28.1.2.1 2010/04/21 05:17:37 matt Exp $ */
2/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */ 2/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */
3 3
4/* 4/*
5 * Author: Tatu Ylonen <ylo@cs.hut.fi> 5 * Author: Tatu Ylonen <ylo@cs.hut.fi>
6 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 6 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 * All rights reserved 7 * All rights reserved
8 * 8 *
9 * As far as I am concerned, the code I have written for this software 9 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this 10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is 11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be 12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell". 13 * called by a name other than "ssh" or "Secure Shell".
14 * 14 *

cvs diff -r1.30.8.1 -r1.30.8.1.2.1 src/crypto/dist/ssh/Attic/packet.c

--- src/crypto/dist/ssh/Attic/packet.c 2009/06/29 23:01:24 1.30.8.1
+++ src/crypto/dist/ssh/Attic/packet.c 2010/04/21 05:17:37 1.30.8.1.2.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: packet.c,v 1.30.8.1 2009/06/29 23:01:24 snj Exp $ */ 1/* $NetBSD: packet.c,v 1.30.8.1.2.1 2010/04/21 05:17:37 matt Exp $ */
2/* $OpenBSD: packet.c,v 1.151 2008/02/22 20:44:02 dtucker Exp $ */ 2/* $OpenBSD: packet.c,v 1.151 2008/02/22 20:44:02 dtucker Exp $ */
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved 6 * All rights reserved
7 * This file contains code implementing the packet protocol and communication 7 * This file contains code implementing the packet protocol and communication
8 * with the other side. This same code is used both on client and server side. 8 * with the other side. This same code is used both on client and server side.
9 * 9 *
10 * As far as I am concerned, the code I have written for this software 10 * As far as I am concerned, the code I have written for this software
11 * can be used freely for any purpose. Any derived versions of this 11 * can be used freely for any purpose. Any derived versions of this
12 * software must be clearly marked as such, and if the derived work is 12 * software must be clearly marked as such, and if the derived work is
13 * incompatible with the protocol description in the RFC file, it must be 13 * incompatible with the protocol description in the RFC file, it must be
14 * called by a name other than "ssh" or "Secure Shell". 14 * called by a name other than "ssh" or "Secure Shell".
@@ -29,27 +29,27 @@ @@ -29,27 +29,27 @@
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
30 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
31 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
32 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
33 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
34 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42__RCSID("$NetBSD: packet.c,v 1.30.8.1 2009/06/29 23:01:24 snj Exp $"); 42__RCSID("$NetBSD: packet.c,v 1.30.8.1.2.1 2010/04/21 05:17:37 matt Exp $");
43 43
44#include <sys/types.h> 44#include <sys/types.h>
45#include <sys/queue.h> 45#include <sys/queue.h>
46#include <sys/socket.h> 46#include <sys/socket.h>
47#include <sys/time.h> 47#include <sys/time.h>
48#include <sys/param.h> 48#include <sys/param.h>
49 49
50#include <netinet/in_systm.h> 50#include <netinet/in_systm.h>
51#include <netinet/in.h> 51#include <netinet/in.h>
52#include <netinet/ip.h> 52#include <netinet/ip.h>
53 53
54#include <errno.h> 54#include <errno.h>
55#include <stdarg.h> 55#include <stdarg.h>