path: root/sbin/iked
Age   Commit message   Author
2015-01-12   Don't forget about protocol specification when configuring flows.   Mike Belopuhov
2015-01-02   PFS stands for Perfect Forward Secrecy.   Igor Sobrado
2014-12-16   Replace setpgrp(0, getpid()) with setpgid(0, 0). OK deraadt@ tedu@   Todd C. Miller
2014-12-05   Store return value of i2d_X509_NAME in a signed integer to make   Mike Belopuhov
2014-12-05   Specify correct number of iovecs when sending replies to the ikev2 proc   Mike Belopuhov
2014-12-03   Init SPI using arc4random_buf, rather than (r << 32) | r   Theo de Raadt
2014-11-20   Don't allow embedded nul characters in strings.   Jonathan Gray
2014-11-20   remove nt and lanman functions which aren't used. ok reyk yasuoka   Ted Unangst
2014-11-14   Add gcc printf format attributes to iked's parse.y and remove unused   Doug Hogan
2014-11-10   tweak previous; ok mikeb   Jason McIntyre
2014-11-10   copy pubkey section from isakmpd(8); ok reyk   Mike Belopuhov
2014-11-07   Fixup a few problems with EAP state transition   Mike Belopuhov
2014-11-07   Run eap_parse on the actual message and only when the length is right   Mike Belopuhov
2014-11-07   Repair initiator with PSK auth   Mike Belopuhov
2014-10-29   convert simple cases of select() to poll()   Theo de Raadt
2014-10-25   Remove unnecessary netinet/in_systm.h include.   Lawrence Teo
2014-10-18   Simple malloc() to reallocarray() conversion to potentially avoid integer   Doug Hogan
2014-10-12   DH_compute_key() returns -1 on error but this was not   Jonathan Gray
2014-10-08   trivial use of reallocarray()   Theo de Raadt
2014-08-27   Add support for Curve25519 using the public domain code that is found   Reyk Floeter
2014-08-25   Add support for DH groups 27-30 using the Brainpool curves which have   Reyk Floeter
2014-08-25   Delete secret or secret-derived data with explicit_bzero.   Doug Hogan
2014-08-18   Sync proc.c with httpd. httpd needs SIGUSR1 but iked will ignore it   Reyk Floeter
2014-08-05   Fix an example, nat-to requires to specify the "out" direction in pf rules.   Reyk Floeter
2014-07-12   Sync msgbuf_write() changes from relayd.   Reyk Floeter
2014-07-10   add additional includes required to build with -DOPENSSL_NO_DEPRECATED   Jonathan Gray
2014-07-09   expire IPcomp SAs too; ok mikeb (some time ago)   Markus Friedl
2014-06-03   Handle the event parameter of libevent callback function as a bit   YASUOKA Masahiko
2014-05-13   pass SA initiator not the exchange initiator to sa_address(); ok mikeb@   Markus Friedl
2014-05-09   get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need   Markus Friedl
2014-05-09   replace iked_transform pointer with xform id, since target of pointer   Markus Friedl
2014-05-08   match iked proc.c infrastructure with proc.c   Bret Lambert
2014-05-07   try postponed requests first, so we do in-order processing; ok mikeb@   Markus Friedl
2014-05-07   print msgid for debugging; ok reyk & mikeb   Markus Friedl
2014-05-07   make authentication work with X509 certificates that don't have a   Markus Friedl
2014-05-07   factor out ikev2_ike_auth() (state machine; used multiple times via callbacks)   Markus Friedl
2014-05-06   change the create-child-sa responder code, so it does not store any   Markus Friedl
2014-05-06   zap stray word; ok markus   Jason McIntyre
2014-05-06   Explicitly zero out the ibufs before releasing the memory to make sure   Reyk Floeter
2014-05-06   initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey   Markus Friedl
2014-05-06   cleanup IKE-SA tree handling (fixes repeated-insert & double-remove)   Markus Friedl
2014-05-06   don't sa_free() in the receive path (prevents use-after-free); ok mikeb@   Markus Friedl
2014-05-06   send the delete with the locally allocated SPI in ikev2_init_create_child_sa()   Markus Friedl
2014-05-06   make sure some notify payloads are encrypted; ok mikeb@   Markus Friedl
2014-05-06   initial support for PFS; ok reyk@   Markus Friedl
2014-05-06   retire IKED_REQ_DELETE and fix delete parsing; ok reyk@   Markus Friedl
2014-05-06   no need to include rand.h now the RAND_seed() calls are gone.   Jonathan Gray
2014-05-05   ca_x509_serialize: don't leak the bio buffer; ok reyk@   Markus Friedl
2014-05-05   make the ca_pubkey_serialize() code similar to the private key code, and   Markus Friedl
2014-05-05   pfkey is unreliable, so add a select-timeout before MSG_PEEK;   Markus Friedl