#
1.26 |
|
24-Mar-2024 |
yasuoka |
Allow zero-length identity response
ok tobhe
|
Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.25 |
|
18-Jul-2023 |
claudio |
Kill ibuf_cat() since there is now ibuf_add_buf() in the official API. OK tb@ tobhe@
|
#
1.24 |
|
23-May-2023 |
claudio |
Replace ibuf_advance() with ibuf_reserve(). OK tobhe@ tb@ kn@
|
#
1.23 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.22 |
|
03-Dec-2022 |
tobhe |
Include endian.h where needed for betohXX functions.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.21 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.20 |
|
28-Jan-2022 |
guenther |
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Nov-2020 |
tobhe |
Constify sa in ikev2_pld_eap(). The parser code must not change any sa or policy state, this should help make it clearer.
ok patrick@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.25 |
|
18-Jul-2023 |
claudio |
Kill ibuf_cat() since there is now ibuf_add_buf() in the official API. OK tb@ tobhe@
|
#
1.24 |
|
23-May-2023 |
claudio |
Replace ibuf_advance() with ibuf_reserve(). OK tobhe@ tb@ kn@
|
#
1.23 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.22 |
|
03-Dec-2022 |
tobhe |
Include endian.h where needed for betohXX functions.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.21 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.20 |
|
28-Jan-2022 |
guenther |
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Nov-2020 |
tobhe |
Constify sa in ikev2_pld_eap(). The parser code must not change any sa or policy state, this should help make it clearer.
ok patrick@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.24 |
|
23-May-2023 |
claudio |
Replace ibuf_advance() with ibuf_reserve(). OK tobhe@ tb@ kn@
|
#
1.23 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.22 |
|
03-Dec-2022 |
tobhe |
Include endian.h where needed for betohXX functions.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.21 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.20 |
|
28-Jan-2022 |
guenther |
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Nov-2020 |
tobhe |
Constify sa in ikev2_pld_eap(). The parser code must not change any sa or policy state, this should help make it clearer.
ok patrick@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.22 |
|
03-Dec-2022 |
tobhe |
Include endian.h where needed for betohXX functions.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.21 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.20 |
|
28-Jan-2022 |
guenther |
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Nov-2020 |
tobhe |
Constify sa in ikev2_pld_eap(). The parser code must not change any sa or policy state, this should help make it clearer.
ok patrick@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.21 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.20 |
|
28-Jan-2022 |
guenther |
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Nov-2020 |
tobhe |
Constify sa in ikev2_pld_eap(). The parser code must not change any sa or policy state, this should help make it clearer.
ok patrick@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.20 |
|
28-Jan-2022 |
guenther |
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Nov-2020 |
tobhe |
Constify sa in ikev2_pld_eap(). The parser code must not change any sa or policy state, this should help make it clearer.
ok patrick@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.19 |
|
18-Nov-2020 |
tobhe |
Constify sa in ikev2_pld_eap(). The parser code must not change any sa or policy state, this should help make it clearer.
ok patrick@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.18 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.17 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.16 |
|
16-Sep-2020 |
tobhe |
Move all the EAP logic from a single branch in the message parsing code to somewhere past successful message verification, closer to where the other exchanges are handled. EAP is stll special, but this fits a lot better into the overall architecture.
Tested with iOS, Stronswan and Windows ok patrick@ sthen@
|
#
1.15 |
|
18-Jun-2020 |
tobhe |
Fix handling of short EAP-MSCHAP messages.
ok patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.14 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.13 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.12 |
|
19-Jan-2015 |
mikeb |
Remove unnecessary <netinet/ip_ipsp.h> includes
|
#
1.11 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.10 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.9 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
15-Dec-2012 |
reyk |
Remove unused variables.
|
#
1.6 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.5 |
|
27-May-2011 |
reyk |
spacing
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.4 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.3 |
|
14-Oct-2010 |
dhill |
plug a tiny leak.
ok mikeb@
|
#
1.2 |
|
20-Sep-2010 |
mikeb |
fixup length of an eap identity message payload.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|