Permalink
Commits on Oct 6, 2000
  1. bsdi uses u_int for srandom

    itojun committed Oct 6, 2000
  2. SIOCSPHY* change

    itojun committed Oct 6, 2000
  3. revise SIOCSIFPHY* handling. everything is done in net/if.c, via

    ifp->if_ioctl.  no handling in in{6,}_control.
    itojun committed Oct 6, 2000
  4. Initial revision

    itojun committed Oct 6, 2000
Commits on Oct 5, 2000
  1. remove a white space diff we do not need

    itojun committed Oct 5, 2000
  2. repair merge error

    itojun committed Oct 5, 2000
  3. make error message more friendly

    itojun committed Oct 5, 2000
  4. racoon assumes /dev/urandom

    itojun committed Oct 5, 2000
  5. as RAND_bytes() hide too much things from the caller, use /dev/urandom

    directly.  now racoon requires /dev/urandom.
    itojun committed Oct 5, 2000
  6. add local random() function, which grabs random number from random nu…

    …mber
    
    device (hopefully).
    itojun committed Oct 5, 2000
  7. move esp_stir_iv into key_sa_stir_iv

    itojun committed Oct 5, 2000
  8. improve comment and warning message

    itojun committed Oct 5, 2000
  9. memcpy -> bcopy

    itojun committed Oct 5, 2000
  10. * sys/netkey/key.c: get rid of all uses of random() in IPsec code,

      where possible (netbsd/freebsd4).  for other operating systems, we
      have no good random number source like rnd(4), and random() will
      be used.  you will see one-line warning when you start using IPsec.
    itojun committed Oct 5, 2000
  11. get rid of the use of random() in IPsec procesing.

    XXX need compilation checking for freebsd4
    itojun committed Oct 5, 2000
Commits on Oct 4, 2000
  1. * *bsd*/sys/net/if.c: make sure we have root privilege on SIOCSPHY*

      operation.  from: thorpej@netbsd.org
      ROGUE LOCAL USER MAY BE ABLE TO DO BAD THING, SO UPGRADE IS SUGGESTED
    itojun committed Oct 4, 2000
  2. * sys/netkey/key.c: supply two sysctl variables,

      net.key.{esp,ah}_keymin, that control how ACQUIRE messages are
      formed.  algorithms/key length smaller than the configured value
      will be filtered out.
    itojun committed Oct 4, 2000
  3. provide new sysctls. they will control how proposal/combination payload

    is attached onto SADB_ACQUIRE messages.
    net.key.esp_keymin = 256
    net.key.ah_keymin = 128
    
    XXX ipsec_esp_auth is not opened to userland, as we may have to think again
    about it.  maybe we should look at SPD entry and figure out whether to have
    ESP auth or not.  i'm not sure.
    itojun committed Oct 4, 2000
  4. wget merged as ftp/wget (pretty old?)

    sumikawa committed Oct 4, 2000
  5. add new ciphers

    itojun committed Oct 4, 2000
  6. pedant. now compiles with -Wall -Wstrict-prototypes -Wmissing-prototypes

    -Wpointer-arith -Wno-uninitialized -Werror
    itojun committed Oct 4, 2000
  7. bsdi4 ipsec6 stat support

    (sorry, I forgot to commit this)
    jinmei committed Oct 4, 2000
Commits on Oct 3, 2000
  1. pedant

    itojun committed Oct 3, 2000
  2. repair pfkey.c buffer overrun possibilities

    itojun committed Oct 3, 2000
  3. * sys/net/pfkeyv2.h, racoon: move AES (rijndael) protocol # to the

      official one.  note that you now lost interoperability between old
      racoon and new racoon, when you negotiate rijndael.
      also note that AES final document is yet to become FIPS standard,
      so there's some uncertainity window, for like 3 months.
    itojun committed Oct 3, 2000
  4. add official rijndael (AES) numbers.

    itojun committed Oct 3, 2000