| Age | Commit message (Collapse) | Author |
|---|
|
either iked or isakmpd should be synced to the other daemon. The
previous changes from iked include: plug two memory leaks, verify EC
points and add the Brainpool curves. All tests in
regress/sbin/isakmpd/dh passed OKAY.
ok markus@ mikeb@
|
|
the smaller implementation from iked that is using libcrypto instead.
This allows to remove a lot of code (which is always good), get rid of
some custom crypto code by using libcrypto, theoretically adds
support for many new MODP and EC2N/ECP modes (but it is not configurable
yet), and allows to share the dh.c/dh.h code in different codebases
(it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
|
ok ho@
|
|
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process. ok ho hshoexer
|
|
Niels Provos.
|
|
./dh.h: Merge with EOM 1.4
./math_ec2n.c: Merge with EOM 1.8
./crypto.c: Merge with EOM 1.25
./ike_quick_mode.c: Merge with EOM 1.82
./math_group.c: Merge with EOM 1.16
./math_ec2n.h: Merge with EOM 1.4
Style. alloc error reporting. Math error propagation. Allocate right
sizes.
|
|
|
|
|
|
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems. It is not yet complete or usable in a real scenario
but the missing pieces will soon be there. The early commit is for people
who wants early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete. It is really mostly configuration that
is lacking.
|
