[Swan-commit] Changes to ref refs/heads/master

[Tuomo Soini]

New commits:
commit 05076f10883b22fc9589d3b42d8321d705aaaee5
Author: Tuomo Soini 
Date:   Wed Apr 29 10:03:57 2015 +0300

config.mk: use long option names for modprobe for readability

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

[Andrew Cagney]

New commits:
commit b2c7a68d07e5d98cd8c0e072ca364ae7642253b8
Author: Andrew Cagney 
Date:   Wed Apr 29 10:20:31 2015 -0400

pluto: wasn't freeing AAD buffer

Part of startup.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

[Andrew Cagney]

New commits:
commit 82fd22ab5a95e2f3772a7edd8e29a98b40af125e
Merge: b2c7a68 b694d92
Author: Andrew Cagney 
Date:   Wed Apr 29 10:46:25 2015 -0400

pluto: re-implement PRF eliminating duplicates; add CAVP test program

The file crypt_prf.c implements rfc2104 PRF using PK11SymKey and
PK11_Derive.  It doesn't use NSS's lower-level HASH interface
as that writes the result to an unprotected buffer.  The down
side is that it has to create/free lots of PK11SymKeys.

It can be tested by feeding the CAVP program test vectors from NIST.

The old PRF code, found in hmac.c(1) and crypt_dh.c(2), has been
replaced with calls to the above.

Notes:

crypt_symkey.c, which provides sane wrappers around
PK11_Derive, could do with a further clean-up - pluto,
since for ever, has been creating scratch keys of type
CKM_CONCATENATE_BASE_AND_DATA.

It would be nice to eliminate the hmac_init et.al. wrappers;
it would simplify ikev1_quick.c.

More crypto material should be left in PK11SymKeys and
only copied to buffers when needed.

All code should switch to crypt_symkey.c; especially free_any_symkey().

All code should switch to DBG_dump_symkey; it only dumps the
raw key when DBG_PRIVATE.

NSS needs an interface that doesn't leak results and doesn't
force a lot of PK11SymKey create/freeing.

Merges prf-rewrite branch.

commit b694d928a156a0a362c5e2fe4832dd9232be6f4c
Author: Andrew Cagney 
Date:   Wed Apr 29 10:19:02 2015 -0400

pluto: testing: cleanly shutdown NSS after running tests

commit bb91124f055b9706b8ac59b864978a4247a8a5eb
Author: Andrew Cagney 
Date:   Tue Apr 28 22:01:00 2015 -0400

pluto: try to make debug messages from crypt_symkey.c slightly less cryptic

commit dc6685d87ac099a0d81ae1957030cfb908984fbc
Author: Andrew Cagney 
Date:   Tue Apr 28 14:23:43 2015 -0400

pluto: add free_any_symkey function; call from new PRF code

Leaves old code :-(

commit 4f2f53136e4da1b7720d8cf68c135abef81359bc
Merge: 14bc2f4 9efef74
Author: Paul Wouters 
Date:   Tue Apr 28 13:03:59 2015 -0400

Merge branch 'prf-rewrite' of vault.libreswan.org:/srv/src/libreswan into 
prf-rewrite

commit 9efef744462aecabaa20ad5767a489accbd20aca
Author: Andrew Cagney 
Date:   Tue Apr 28 12:11:41 2015 -0400

pluto: add missing free to ikev2_prfplus

commit 1b1a4dd59faf457be40c6d0a35b39c73112537bf
Author: Andrew Cagney 
Date:   Tue Apr 28 11:20:33 2015 -0400

pluto: add more missing cases to ckm_to_string

(also return upper-case strings so spotting them is easier)

commit 64e0bfbdd6e2e1cb633b29fa29c46eb44538b9ea
Merge: 5fc2d9a bbc36b1
Author: Paul Wouters 
Date:   Mon Apr 27 19:53:33 2015 -0400

Merge branch 'prf-rewrite' of vault.libreswan.fi:/srv/src/libreswan into 
prf-rewrite

commit bbc36b1ce448a00dac21b8b06b092e58827c5d67
Author: Andrew Cagney 
Date:   Mon Apr 27 19:28:15 2015 -0400

pluto: re-implement hmac.c using crypt_prf.c

This should mean that there's only one PRF implementation
in the code base.

Nice to have is go through the hmac.c callers and have
them use crypt_prf directly.

commit 132159ff79c5533af81bca6d0894f7c31dad93b5
Author: Andrew Cagney 
Date:   Mon Apr 27 19:26:34 2015 -0400

pluto: implement crypt_prf_final_bytes and crypt_prf_update_bytes methods

makes re-implementing hmac.c easier (and for that matter
hashing stuff on the wire).

commit 27626fba84d19b8dfafce2f496929c61ddd7c4cf
Author: Andrew Cagney 
Date:   Mon Apr 27 19:25:13 2015 -0400

pluto: fix DBG_CRYPT crasher in DBG_dump_symkey when symkey==NULL

commit 39239094bbcf549567470767c79110b226fcf8d2
Author: Andrew Cagney 
Date:   Mon Apr 27 15:33:52 2015 -0400

pluto: add DBG_dump_symkey which tries to keep symkes private

Use, update calls to dump better info.

commit f51d1fd350074cb3167a33ee49a9d0b09ed3b4b4
Author: Andrew Cagney 
Date:   Mon Apr 27 10:33:08 2015 -0400

pluto: add bytes_from_symkey_*; use from chunk_from_symkey_ *

This has the effect of testing the code before something external
uses it.

commit dafcb3244897bf7400f382298697f363f865382c
Author: Andrew Cagney 
Date:   Fri Apr 24 12:12:37 2015 -0400

pluto: add concat_symkey_bytes and append_symkey_bytes

Tweak code so everything uses them (gives better code coverage).

commit e9c7ee73bed3c2ea864a44ab0a37dc152f466f07
Author: Andrew Cagney 
Date:   Fri Apr 24 11:33:13 2015 -0400

pluto: add symkey_from_bytes()

hmac likes lower-level interfaces

commit 693e70bdd4954cb0968cc7115a7afdb54c84d6f0
Author: Andrew Cagney 
Date:   Thu Apr 23 22:31:49 2015 -0400

pluto: add chunk_from_symkey

commit 25509556e5eb40545a7bcd2c1d61a000f976416c
Author: Andrew Cagney 
Date:   Thu Apr 23 22:13:43 2015 -0400

pluto: replace merge_symkey_chunk with merge_symkey_bytes

prep for byte based symkey interfaces.

commit 145eb32316ad3e9b9d92d

[Swan-commit] Changes to ref refs/heads/master

[Paul Wouters]

New commits:
commit 14a9c2ad723f20a38634c0ef782b5a89f4052c9f
Author: Paul Wouters 
Date:   Wed Apr 29 11:33:58 2015 -0400

updated changes

commit 584a60247a49d70a2c1385fd2b972198c32c2e14
Merge: 0decb9f 82fd22a
Author: Paul Wouters 
Date:   Wed Apr 29 11:33:41 2015 -0400

Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 0decb9fb2fea12392ad038b28c550065c5fe6d42
Author: Paul Wouters 
Date:   Wed Apr 29 03:23:10 2015 -0400

updated v6neighbor-hole.conf

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

[Andrew Cagney]

New commits:
commit 5b9adc6a49db447c551cbbf05c3929ab194e3ca7
Author: Andrew Cagney 
Date:   Tue Apr 28 21:28:21 2015 -0400

building: testing: add kvmsh.py alternative to runkvm.py

Uses an interface to talk to virsh:
- supports warm-boot and shut-down
- can 'chdir .' as in figure out were '.' is on the remote machine
and change to it
- really sends cntrl-c
- uses very long timeouts (if the machine is booting then sending
cntrl-c won't help)
Top-level kvm-update command switched to kvmsh.py.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

[Paul Wouters]

New commits:
commit 92d0c2db481b4088bf04a9f0169d2e57617ca154
Author: Paul Wouters 
Date:   Wed Apr 29 12:02:05 2015 -0400

update changes

commit 70d6a1e134dd3a1ba30e19d45344e04c3c55d150
Author: Frank Schmirler 
Date:   Wed Apr 29 11:57:46 2015 -0400

KLIPS: ipsec_rcv_decap_ipip broken for IPv6 lsb#227 [Frank Schmirler]

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

[Andrew Cagney]

New commits:
commit 053570a2655dc1a1e82e8226eed27bdc28ebe4fe
Author: Andrew Cagney 
Date:   Wed Apr 29 15:48:24 2015 -0400

building: undefine _FORTIFY_SOURCE before defining it

Gentoo helpfully pre-defines it.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit