#
1.27 |
|
31-Mar-2023 |
tb |
Guard use of GROUP_EC2N with #ifndef OPENSSL_NO_EC2M
This allows compiling isakmpd with a libcrypto that has binary field support removed. Leave the enum value itself unguarded on claudio's request.
ok beck claudio jsing
|
#
1.26 |
|
28-Mar-2023 |
tb |
Avoid double free in isakmpd
In the unlikely event that EC_KEY_check_key() in ec_init() fails, group->ec would be freed first in ec_init() then in group_free().
Same problem was fixed in iked/dh.c r1.31 (where it originally came from).
ok jsg mbuhl
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.25 |
|
14-Jan-2022 |
tb |
isakmpd: convert modp to opaque DH
|
#
1.24 |
|
30-Nov-2021 |
tb |
isakmpd: convert modp_init() for opaque DH.
ok jsing
|
#
1.23 |
|
29-Nov-2021 |
deraadt |
the code in this file has reason to include any sys/*.h header files, let alone sys/param.h, which it uses to get roundup(). make a local copy of the macro, and call it a day.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
13-May-2021 |
tb |
Use field independent versions of {get,set}_coordinates()
ok tobhe
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.21 |
|
08-Nov-2017 |
patrick |
In the final RFC 5903 the computation for the DH shared secret changed. Instead of the full point, only the X point is included.
The member g_xy is always the shared secret but so far its buffer has been allocated using the size of the public points. Since this is a different size now, as the shared secret for EC Groups should only store the x point, we need another member to specify the length of g_xy.
Since this is a backwards incompatible change older isakmpds won't be able to negotiate if you use EC groups. Bump the version of our own vendor tag so peers can try to keep compatibility based on the presen- ted tag. This could be used to implement backwards compatibility to older isakmpds.
Prompted by and ok mpi@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.20 |
|
04-Jan-2017 |
mikeb |
Remove modular exponential groups specified in RFC5114
Brought up by doug@, ok reyk, djm, doug
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.18 |
|
12-Oct-2014 |
jsg |
DH_compute_key() returns -1 on error but this was not handled by testing the result with a negation.
Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem.
ok reyk@
|
#
1.17 |
|
25-Aug-2014 |
reyk |
Sync dh.[ch] from iked. The files are identical, so any change in either iked or isakmpd should be synced to the other daemon. The previous changes from iked include: plug two memory leaks, verify EC points and add the Brainpool curves. All tests in regress/sbin/isakmpd/dh passed OKAY.
ok markus@ mikeb@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.16 |
|
11-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.15 |
|
04-Jun-2012 |
mikeb |
Rounding up a number of bytes in a bignum returned by the BN_num_bytes() has implications when dealing with leading zeroes. Prevent an incorrect conversion of the EC point to the binary representation by inferring the X and Y components' lengths from the EC group length and zeroing out the appropriate chunks of the target buffer. From hshoexer@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
15-Jun-2011 |
mikeb |
When BN_bn2bin converts a bignum to the binary representation it skips leading zeroes if there are any. To accommodate the difference with the protocol we need to prepend those zeroes ourselves.
Fixes PR 6601, tested by Pawel Wieleba, sthen, otto. Huge thanks to Pawel for spending nearly a week testing diffs.
ok sthen
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.13 |
|
29-Nov-2010 |
markus |
branches: 1.13.2; make key exchange faster by not checking the predefined groups with DH_check() ok mikeb@, djm@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
29-Jun-2010 |
reyk |
branches: 1.12.2; Replace the hand-crafted Diffie-Hellman implementation in isakmpd with the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.11 |
|
04-May-2006 |
djm |
check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.10 |
|
08-Apr-2005 |
cloder |
Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.9 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.8 |
|
03-Jun-2003 |
ho |
Remove clauses 3 and 4. With approval from Niklas Hallqvist and Niels Provos.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.7 |
|
09-Jun-2002 |
todd |
rm trailing whitespace
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
#
1.6 |
|
09-Apr-2001 |
ho |
More style fixes...
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.5 |
|
19-Apr-1999 |
niklas |
branches: 1.5.6; ./cookie.c: Merge with EOM 1.20 ./dh.c: Merge with EOM 1.5 ./hash.c: Merge with EOM 1.10 ./math_group.h: Merge with EOM 1.7
Style. alloc error reporting. Math error propagation. Allocate right sizes.
1999 copyrights
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.4 |
|
26-Feb-1999 |
niklas |
Merge from the Ericsson repository | revision 1.3 | date: 1999/02/25 11:38:51; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ----------------------------
|
#
1.3 |
|
17-Nov-1998 |
niklas |
Add RCS Ids from the EOM repository
|
#
1.2 |
|
15-Nov-1998 |
niklas |
openBSD RCS IDs
|
#
1.1 |
|
15-Nov-1998 |
niklas |
branches: 1.1.1; Initial revision
|
#
1.25 |
|
14-Jan-2022 |
tb |
isakmpd: convert modp to opaque DH
|
#
1.24 |
|
30-Nov-2021 |
tb |
isakmpd: convert modp_init() for opaque DH.
ok jsing
|
#
1.23 |
|
29-Nov-2021 |
deraadt |
the code in this file has reason to include any sys/*.h header files, let alone sys/param.h, which it uses to get roundup(). make a local copy of the macro, and call it a day.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
13-May-2021 |
tb |
Use field independent versions of {get,set}_coordinates()
ok tobhe
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.21 |
|
08-Nov-2017 |
patrick |
In the final RFC 5903 the computation for the DH shared secret changed. Instead of the full point, only the X point is included.
The member g_xy is always the shared secret but so far its buffer has been allocated using the size of the public points. Since this is a different size now, as the shared secret for EC Groups should only store the x point, we need another member to specify the length of g_xy.
Since this is a backwards incompatible change older isakmpds won't be able to negotiate if you use EC groups. Bump the version of our own vendor tag so peers can try to keep compatibility based on the presen- ted tag. This could be used to implement backwards compatibility to older isakmpds.
Prompted by and ok mpi@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.20 |
|
04-Jan-2017 |
mikeb |
Remove modular exponential groups specified in RFC5114
Brought up by doug@, ok reyk, djm, doug
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.18 |
|
12-Oct-2014 |
jsg |
DH_compute_key() returns -1 on error but this was not handled by testing the result with a negation.
Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem.
ok reyk@
|
#
1.17 |
|
25-Aug-2014 |
reyk |
Sync dh.[ch] from iked. The files are identical, so any change in either iked or isakmpd should be synced to the other daemon. The previous changes from iked include: plug two memory leaks, verify EC points and add the Brainpool curves. All tests in regress/sbin/isakmpd/dh passed OKAY.
ok markus@ mikeb@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.16 |
|
11-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.15 |
|
04-Jun-2012 |
mikeb |
Rounding up a number of bytes in a bignum returned by the BN_num_bytes() has implications when dealing with leading zeroes. Prevent an incorrect conversion of the EC point to the binary representation by inferring the X and Y components' lengths from the EC group length and zeroing out the appropriate chunks of the target buffer. From hshoexer@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
15-Jun-2011 |
mikeb |
When BN_bn2bin converts a bignum to the binary representation it skips leading zeroes if there are any. To accommodate the difference with the protocol we need to prepend those zeroes ourselves.
Fixes PR 6601, tested by Pawel Wieleba, sthen, otto. Huge thanks to Pawel for spending nearly a week testing diffs.
ok sthen
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.13 |
|
29-Nov-2010 |
markus |
branches: 1.13.2; make key exchange faster by not checking the predefined groups with DH_check() ok mikeb@, djm@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
29-Jun-2010 |
reyk |
branches: 1.12.2; Replace the hand-crafted Diffie-Hellman implementation in isakmpd with the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.11 |
|
04-May-2006 |
djm |
check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.10 |
|
08-Apr-2005 |
cloder |
Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.9 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.8 |
|
03-Jun-2003 |
ho |
Remove clauses 3 and 4. With approval from Niklas Hallqvist and Niels Provos.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.7 |
|
09-Jun-2002 |
todd |
rm trailing whitespace
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
#
1.6 |
|
09-Apr-2001 |
ho |
More style fixes...
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.5 |
|
19-Apr-1999 |
niklas |
branches: 1.5.6; ./cookie.c: Merge with EOM 1.20 ./dh.c: Merge with EOM 1.5 ./hash.c: Merge with EOM 1.10 ./math_group.h: Merge with EOM 1.7
Style. alloc error reporting. Math error propagation. Allocate right sizes.
1999 copyrights
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.4 |
|
26-Feb-1999 |
niklas |
Merge from the Ericsson repository | revision 1.3 | date: 1999/02/25 11:38:51; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ----------------------------
|
#
1.3 |
|
17-Nov-1998 |
niklas |
Add RCS Ids from the EOM repository
|
#
1.2 |
|
15-Nov-1998 |
niklas |
openBSD RCS IDs
|
#
1.1 |
|
15-Nov-1998 |
niklas |
branches: 1.1.1; Initial revision
|
#
1.24 |
|
30-Nov-2021 |
tb |
isakmpd: convert modp_init() for opaque DH.
ok jsing
|
#
1.23 |
|
29-Nov-2021 |
deraadt |
the code in this file has reason to include any sys/*.h header files, let alone sys/param.h, which it uses to get roundup(). make a local copy of the macro, and call it a day.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
13-May-2021 |
tb |
Use field independent versions of {get,set}_coordinates()
ok tobhe
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.21 |
|
08-Nov-2017 |
patrick |
In the final RFC 5903 the computation for the DH shared secret changed. Instead of the full point, only the X point is included.
The member g_xy is always the shared secret but so far its buffer has been allocated using the size of the public points. Since this is a different size now, as the shared secret for EC Groups should only store the x point, we need another member to specify the length of g_xy.
Since this is a backwards incompatible change older isakmpds won't be able to negotiate if you use EC groups. Bump the version of our own vendor tag so peers can try to keep compatibility based on the presen- ted tag. This could be used to implement backwards compatibility to older isakmpds.
Prompted by and ok mpi@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.20 |
|
04-Jan-2017 |
mikeb |
Remove modular exponential groups specified in RFC5114
Brought up by doug@, ok reyk, djm, doug
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.18 |
|
12-Oct-2014 |
jsg |
DH_compute_key() returns -1 on error but this was not handled by testing the result with a negation.
Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem.
ok reyk@
|
#
1.17 |
|
25-Aug-2014 |
reyk |
Sync dh.[ch] from iked. The files are identical, so any change in either iked or isakmpd should be synced to the other daemon. The previous changes from iked include: plug two memory leaks, verify EC points and add the Brainpool curves. All tests in regress/sbin/isakmpd/dh passed OKAY.
ok markus@ mikeb@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.16 |
|
11-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.15 |
|
04-Jun-2012 |
mikeb |
Rounding up a number of bytes in a bignum returned by the BN_num_bytes() has implications when dealing with leading zeroes. Prevent an incorrect conversion of the EC point to the binary representation by inferring the X and Y components' lengths from the EC group length and zeroing out the appropriate chunks of the target buffer. From hshoexer@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
15-Jun-2011 |
mikeb |
When BN_bn2bin converts a bignum to the binary representation it skips leading zeroes if there are any. To accommodate the difference with the protocol we need to prepend those zeroes ourselves.
Fixes PR 6601, tested by Pawel Wieleba, sthen, otto. Huge thanks to Pawel for spending nearly a week testing diffs.
ok sthen
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.13 |
|
29-Nov-2010 |
markus |
branches: 1.13.2; make key exchange faster by not checking the predefined groups with DH_check() ok mikeb@, djm@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
29-Jun-2010 |
reyk |
branches: 1.12.2; Replace the hand-crafted Diffie-Hellman implementation in isakmpd with the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.11 |
|
04-May-2006 |
djm |
check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.10 |
|
08-Apr-2005 |
cloder |
Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.9 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.8 |
|
03-Jun-2003 |
ho |
Remove clauses 3 and 4. With approval from Niklas Hallqvist and Niels Provos.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.7 |
|
09-Jun-2002 |
todd |
rm trailing whitespace
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
#
1.6 |
|
09-Apr-2001 |
ho |
More style fixes...
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.5 |
|
19-Apr-1999 |
niklas |
branches: 1.5.6; ./cookie.c: Merge with EOM 1.20 ./dh.c: Merge with EOM 1.5 ./hash.c: Merge with EOM 1.10 ./math_group.h: Merge with EOM 1.7
Style. alloc error reporting. Math error propagation. Allocate right sizes.
1999 copyrights
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.4 |
|
26-Feb-1999 |
niklas |
Merge from the Ericsson repository | revision 1.3 | date: 1999/02/25 11:38:51; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ----------------------------
|
#
1.3 |
|
17-Nov-1998 |
niklas |
Add RCS Ids from the EOM repository
|
#
1.2 |
|
15-Nov-1998 |
niklas |
openBSD RCS IDs
|
#
1.1 |
|
15-Nov-1998 |
niklas |
branches: 1.1.1; Initial revision
|
#
1.23 |
|
29-Nov-2021 |
deraadt |
the code in this file has reason to include any sys/*.h header files, let alone sys/param.h, which it uses to get roundup(). make a local copy of the macro, and call it a day.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
13-May-2021 |
tb |
Use field independent versions of {get,set}_coordinates()
ok tobhe
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.21 |
|
08-Nov-2017 |
patrick |
In the final RFC 5903 the computation for the DH shared secret changed. Instead of the full point, only the X point is included.
The member g_xy is always the shared secret but so far its buffer has been allocated using the size of the public points. Since this is a different size now, as the shared secret for EC Groups should only store the x point, we need another member to specify the length of g_xy.
Since this is a backwards incompatible change older isakmpds won't be able to negotiate if you use EC groups. Bump the version of our own vendor tag so peers can try to keep compatibility based on the presen- ted tag. This could be used to implement backwards compatibility to older isakmpds.
Prompted by and ok mpi@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.20 |
|
04-Jan-2017 |
mikeb |
Remove modular exponential groups specified in RFC5114
Brought up by doug@, ok reyk, djm, doug
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.18 |
|
12-Oct-2014 |
jsg |
DH_compute_key() returns -1 on error but this was not handled by testing the result with a negation.
Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem.
ok reyk@
|
#
1.17 |
|
25-Aug-2014 |
reyk |
Sync dh.[ch] from iked. The files are identical, so any change in either iked or isakmpd should be synced to the other daemon. The previous changes from iked include: plug two memory leaks, verify EC points and add the Brainpool curves. All tests in regress/sbin/isakmpd/dh passed OKAY.
ok markus@ mikeb@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.16 |
|
11-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.15 |
|
04-Jun-2012 |
mikeb |
Rounding up a number of bytes in a bignum returned by the BN_num_bytes() has implications when dealing with leading zeroes. Prevent an incorrect conversion of the EC point to the binary representation by inferring the X and Y components' lengths from the EC group length and zeroing out the appropriate chunks of the target buffer. From hshoexer@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
15-Jun-2011 |
mikeb |
When BN_bn2bin converts a bignum to the binary representation it skips leading zeroes if there are any. To accommodate the difference with the protocol we need to prepend those zeroes ourselves.
Fixes PR 6601, tested by Pawel Wieleba, sthen, otto. Huge thanks to Pawel for spending nearly a week testing diffs.
ok sthen
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.13 |
|
29-Nov-2010 |
markus |
branches: 1.13.2; make key exchange faster by not checking the predefined groups with DH_check() ok mikeb@, djm@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
29-Jun-2010 |
reyk |
branches: 1.12.2; Replace the hand-crafted Diffie-Hellman implementation in isakmpd with the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.11 |
|
04-May-2006 |
djm |
check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.10 |
|
08-Apr-2005 |
cloder |
Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.9 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.8 |
|
03-Jun-2003 |
ho |
Remove clauses 3 and 4. With approval from Niklas Hallqvist and Niels Provos.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.7 |
|
09-Jun-2002 |
todd |
rm trailing whitespace
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
#
1.6 |
|
09-Apr-2001 |
ho |
More style fixes...
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.5 |
|
19-Apr-1999 |
niklas |
branches: 1.5.6; ./cookie.c: Merge with EOM 1.20 ./dh.c: Merge with EOM 1.5 ./hash.c: Merge with EOM 1.10 ./math_group.h: Merge with EOM 1.7
Style. alloc error reporting. Math error propagation. Allocate right sizes.
1999 copyrights
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.4 |
|
26-Feb-1999 |
niklas |
Merge from the Ericsson repository | revision 1.3 | date: 1999/02/25 11:38:51; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ----------------------------
|
#
1.3 |
|
17-Nov-1998 |
niklas |
Add RCS Ids from the EOM repository
|
#
1.2 |
|
15-Nov-1998 |
niklas |
openBSD RCS IDs
|
#
1.1 |
|
15-Nov-1998 |
niklas |
branches: 1.1.1; Initial revision
|
#
1.22 |
|
13-May-2021 |
tb |
Use field independent versions of {get,set}_coordinates()
ok tobhe
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.21 |
|
08-Nov-2017 |
patrick |
In the final RFC 5903 the computation for the DH shared secret changed. Instead of the full point, only the X point is included.
The member g_xy is always the shared secret but so far its buffer has been allocated using the size of the public points. Since this is a different size now, as the shared secret for EC Groups should only store the x point, we need another member to specify the length of g_xy.
Since this is a backwards incompatible change older isakmpds won't be able to negotiate if you use EC groups. Bump the version of our own vendor tag so peers can try to keep compatibility based on the presen- ted tag. This could be used to implement backwards compatibility to older isakmpds.
Prompted by and ok mpi@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.20 |
|
04-Jan-2017 |
mikeb |
Remove modular exponential groups specified in RFC5114
Brought up by doug@, ok reyk, djm, doug
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.18 |
|
12-Oct-2014 |
jsg |
DH_compute_key() returns -1 on error but this was not handled by testing the result with a negation.
Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem.
ok reyk@
|
#
1.17 |
|
25-Aug-2014 |
reyk |
Sync dh.[ch] from iked. The files are identical, so any change in either iked or isakmpd should be synced to the other daemon. The previous changes from iked include: plug two memory leaks, verify EC points and add the Brainpool curves. All tests in regress/sbin/isakmpd/dh passed OKAY.
ok markus@ mikeb@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.16 |
|
11-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.15 |
|
04-Jun-2012 |
mikeb |
Rounding up a number of bytes in a bignum returned by the BN_num_bytes() has implications when dealing with leading zeroes. Prevent an incorrect conversion of the EC point to the binary representation by inferring the X and Y components' lengths from the EC group length and zeroing out the appropriate chunks of the target buffer. From hshoexer@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
15-Jun-2011 |
mikeb |
When BN_bn2bin converts a bignum to the binary representation it skips leading zeroes if there are any. To accommodate the difference with the protocol we need to prepend those zeroes ourselves.
Fixes PR 6601, tested by Pawel Wieleba, sthen, otto. Huge thanks to Pawel for spending nearly a week testing diffs.
ok sthen
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.13 |
|
29-Nov-2010 |
markus |
branches: 1.13.2; make key exchange faster by not checking the predefined groups with DH_check() ok mikeb@, djm@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
29-Jun-2010 |
reyk |
branches: 1.12.2; Replace the hand-crafted Diffie-Hellman implementation in isakmpd with the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.11 |
|
04-May-2006 |
djm |
check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.10 |
|
08-Apr-2005 |
cloder |
Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.9 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.8 |
|
03-Jun-2003 |
ho |
Remove clauses 3 and 4. With approval from Niklas Hallqvist and Niels Provos.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.7 |
|
09-Jun-2002 |
todd |
rm trailing whitespace
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
#
1.6 |
|
09-Apr-2001 |
ho |
More style fixes...
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.5 |
|
19-Apr-1999 |
niklas |
branches: 1.5.6; ./cookie.c: Merge with EOM 1.20 ./dh.c: Merge with EOM 1.5 ./hash.c: Merge with EOM 1.10 ./math_group.h: Merge with EOM 1.7
Style. alloc error reporting. Math error propagation. Allocate right sizes.
1999 copyrights
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.4 |
|
26-Feb-1999 |
niklas |
Merge from the Ericsson repository | revision 1.3 | date: 1999/02/25 11:38:51; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ----------------------------
|
#
1.3 |
|
17-Nov-1998 |
niklas |
Add RCS Ids from the EOM repository
|
#
1.2 |
|
15-Nov-1998 |
niklas |
openBSD RCS IDs
|
#
1.1 |
|
15-Nov-1998 |
niklas |
branches: 1.1.1; Initial revision
|
#
1.21 |
|
08-Nov-2017 |
patrick |
In the final RFC 5903 the computation for the DH shared secret changed. Instead of the full point, only the X point is included.
The member g_xy is always the shared secret but so far its buffer has been allocated using the size of the public points. Since this is a different size now, as the shared secret for EC Groups should only store the x point, we need another member to specify the length of g_xy.
Since this is a backwards incompatible change older isakmpds won't be able to negotiate if you use EC groups. Bump the version of our own vendor tag so peers can try to keep compatibility based on the presen- ted tag. This could be used to implement backwards compatibility to older isakmpds.
Prompted by and ok mpi@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.20 |
|
04-Jan-2017 |
mikeb |
Remove modular exponential groups specified in RFC5114
Brought up by doug@, ok reyk, djm, doug
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.18 |
|
12-Oct-2014 |
jsg |
DH_compute_key() returns -1 on error but this was not handled by testing the result with a negation.
Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem.
ok reyk@
|
#
1.17 |
|
25-Aug-2014 |
reyk |
Sync dh.[ch] from iked. The files are identical, so any change in either iked or isakmpd should be synced to the other daemon. The previous changes from iked include: plug two memory leaks, verify EC points and add the Brainpool curves. All tests in regress/sbin/isakmpd/dh passed OKAY.
ok markus@ mikeb@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.16 |
|
11-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.15 |
|
04-Jun-2012 |
mikeb |
Rounding up a number of bytes in a bignum returned by the BN_num_bytes() has implications when dealing with leading zeroes. Prevent an incorrect conversion of the EC point to the binary representation by inferring the X and Y components' lengths from the EC group length and zeroing out the appropriate chunks of the target buffer. From hshoexer@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.14 |
|
15-Jun-2011 |
mikeb |
When BN_bn2bin converts a bignum to the binary representation it skips leading zeroes if there are any. To accommodate the difference with the protocol we need to prepend those zeroes ourselves.
Fixes PR 6601, tested by Pawel Wieleba, sthen, otto. Huge thanks to Pawel for spending nearly a week testing diffs.
ok sthen
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.13 |
|
29-Nov-2010 |
markus |
branches: 1.13.2; make key exchange faster by not checking the predefined groups with DH_check() ok mikeb@, djm@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
29-Jun-2010 |
reyk |
branches: 1.12.2; Replace the hand-crafted Diffie-Hellman implementation in isakmpd with the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.11 |
|
04-May-2006 |
djm |
check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.10 |
|
08-Apr-2005 |
cloder |
Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.9 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.8 |
|
03-Jun-2003 |
ho |
Remove clauses 3 and 4. With approval from Niklas Hallqvist and Niels Provos.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.7 |
|
09-Jun-2002 |
todd |
rm trailing whitespace
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
#
1.6 |
|
09-Apr-2001 |
ho |
More style fixes...
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.5 |
|
19-Apr-1999 |
niklas |
branches: 1.5.6; ./cookie.c: Merge with EOM 1.20 ./dh.c: Merge with EOM 1.5 ./hash.c: Merge with EOM 1.10 ./math_group.h: Merge with EOM 1.7
Style. alloc error reporting. Math error propagation. Allocate right sizes.
1999 copyrights
|
Revision tags: OPENBSD_2_5_BASE
|
#
1.4 |
|
26-Feb-1999 |
niklas |
Merge from the Ericsson repository | revision 1.3 | date: 1999/02/25 11:38:51; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ----------------------------
|
#
1.3 |
|
17-Nov-1998 |
niklas |
Add RCS Ids from the EOM repository
|
#
1.2 |
|
15-Nov-1998 |
niklas |
openBSD RCS IDs
|
#
1.1 |
|
15-Nov-1998 |
niklas |
branches: 1.1.1; Initial revision
|