jcs.org/openbsd-src
jcs's openbsd hax
openbsd-src/sbin/iked at trash-bin2 (38 files)
Makefile
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
4 years ago
ca.c
Move raw pubkey bytes to EVP_PKEY conversion to common function.
4 years ago
chap_ms.c
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
5 years ago
chap_ms.h
Switch iked to C99-style fixed-width integer types.
10 years ago
config.c
Move ikev2_reset_alive_timer() to a place where it makes more sense. The idea is to renew the timer every time sc_alive_timeout is reset after loading a new config.
3 years ago
control.c
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
4 years ago
crypto.c
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
4 years ago
crypto_api.h
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
4 years ago
crypto_hash.c
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
4 years ago
dh.c
Avoid a potential double free in group_free()
4 years ago
dh.h
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
4 years ago
eap.c
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
4 years ago
eap.h
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is still special, but this fits a lot better into the overall architecture.
5 years ago
genmap.sh
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
11 years ago
iked.8
add -V to usage(), and list it before -v in both SYNOPSIS and the options list;
4 years ago
iked.c
whitespace cleanup during review read
4 years ago
iked.conf.5
Document sntrup761x25519 key exchange.
4 years ago
iked.h
Improve retransmission of message fragments. RFC 7383 states that loss of a single fragment results in a retransmit of all fragments belonging to the same message. Instead of treating each fragment as message with separate retransmit timer, keep only a single timer for all fragments of a message and retransmit all fragments in order on timeout. Improves reliability in case of packet loss when fragmentation is enabled.
4 years ago
ikev2.c
Improve retransmission of message fragments. RFC 7383 states that loss of a single fragment results in a retransmit of all fragments belonging to the same message. Instead of treating each fragment as message with separate retransmit timer, keep only a single timer for all fragments of a message and retransmit all fragments in order on timeout. Improves reliability in case of packet loss when fragmentation is enabled.
4 years ago
ikev2.h
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
4 years ago
ikev2_msg.c
Improve retransmission of message fragments. RFC 7383 states that loss of a single fragment results in a retransmit of all fragments belonging to the same message. Instead of treating each fragment as message with separate retransmit timer, keep only a single timer for all fragments of a message and retransmit all fragments in order on timeout. Improves reliability in case of packet loss when fragmentation is enabled.
4 years ago
ikev2_pld.c
Improve retransmission of message fragments. RFC 7383 states that loss of a single fragment results in a retransmit of all fragments belonging to the same message. Instead of treating each fragment as message with separate retransmit timer, keep only a single timer for all fragments of a message and retransmit all fragments in order on timeout. Improves reliability in case of packet loss when fragmentation is enabled.
4 years ago
imsg_util.c
Avoid calling ibuf_add() with NULL and zero length.
4 years ago
log.c
From a syslog perspective it does not make sense to log fatal and warn with the same severity. Switch log_warn() to LOG_ERR and keep fatal() at LOG_CRIT. OK reyk@ florian@
9 years ago
ocsp.c
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
4 years ago
parse.y
Fix leak of esnxf if esn or noesn are configured explicitly.
4 years ago
pfkey.c
Remove unused variable fd.
4 years ago
policy.c
whitespace cleanup during review read
4 years ago
print.c
Make proto config option accept a list to allow specifying multiple protocols for a single policy, e.g. "proto { ipencap, ipv6 }".
4 years ago
proc.c
Move TAILQ initialization to files where they are used.
5 years ago
smult_curve25519_ref.c
Add support for Curve25519 using the public domain code that is found in OpenSSH. The "private use" DH group 1034 is based on the value that was picked by strongswan recently.
11 years ago
sntrup761.c
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
4 years ago
sntrup761.sh
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
4 years ago
timer.c
Disable the timer event before attempting to change it
9 years ago
types.h
IKED_LIFETIME_BYTES is > 2GB, and potentially used in strange place, it should really be marked ULL ok bluhm tobhe
4 years ago
util.c
Remove dead assignments.
5 years ago
version.h
Move towards OpenIKED 7.1
3 years ago
vroute.c
Make sure contents of vroute messages are aligned properly. Fixes address autoconfiguration on octeon.
4 years ago