[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit fc618e76bce0240ab1cd80274335af1d9cda5d50
Author: Andrew Cagney 
Date:   Thu Mar 8 14:34:12 2018 -0500

testing: add bad payload tests

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit 4990611ee483672b82083106a954100cb55033b4
Author: Andrew Cagney 
Date:   Thu Mar 8 14:32:13 2018 -0500

testing: test unknown payload inside of AUTH's SK payload



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit a11eb3203e0aca6506038fdfb72a169cbf6240e4
Author: Andrew Cagney 
Date:   Thu Mar 8 14:20:59 2018 -0500

ikev2: if AUTH reply contains unknown critical or invalid notification, delete state



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Tuomo Soini
New commits:
commit 6e40294972153dd4398977aecd7c6d85bd97359e
Merge: d58bf28 9c3e9ae
Author: Tuomo Soini 
Date:   Thu Mar 8 21:11:29 2018 +0200

Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan

commit d58bf2852f5d84c5b6703a9153d9eb041d2c1b6b
Author: Tuomo Soini 
Date:   Thu Mar 8 20:40:13 2018 +0200

CHANGES: * IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo]

commit 9e05e6de4db48d7efa7236e87519be3e8ced43c4
Author: Tuomo Soini 
Date:   Thu Mar 8 20:35:49 2018 +0200

ikev2_parent.c: change liveness check response handling to be DBG_DPD

Also cleanup code to be more readable.

commit 2211f4f86bef70685a231ea0fc3a47b1147a3911
Author: Tuomo Soini 
Date:   Thu Mar 8 20:33:48 2018 +0200

IKEv2: clarify comment about liveness response handling

commit ab38a8843fce429890cb146bc88ae52ec7a51025
Author: Tuomo Soini 
Date:   Thu Mar 8 20:01:21 2018 +0200

Revert "IKEv2: Remove duplicate action on liveness. This was already done"

This reverts commit 048102cb731b6803ca7281d00b4cc054918a4a4e.

This commit causes regression and ikev2 liveness checks cause
tunnel to go down if tunnel is idle because processing won't happen
correctly.



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Paul Wouters
New commits:
commit 9c3e9ae9206d3bca637032c7f44ce93aa87094f2
Author: Paul Wouters 
Date:   Thu Mar 8 22:42:29 2018 +0400

testing: update for sha2_truncbug output moving from bool to policy bit

commit 976d1199cf251f0d00058b7964842e45cd3242a2
Author: Paul Wouters 
Date:   Thu Mar 8 22:41:21 2018 +0400

pluto: clean up sha2_truncbug=yes code

Don't use a bool in whack_message and connection, just use a policy bit.

commit 221450c8e54cec15810e2cf2b13adb4677b75653
Author: Paul Wouters 
Date:   Thu Mar 8 22:19:38 2018 +0400

testing: rename ikev2-algo-sha2-08 -> ikev2-algo-sha2-08-truncbug

commit a031270cefc7a6dc197f2781777aa05b5ad5ebdd
Author: Paul Wouters 
Date:   Thu Mar 8 21:44:20 2018 +0400

pluto: add msdh-downgrade=yes|no (default no) configuration option

This option stands for Microsoft DiffieHellman Downgrade. It is
required for when a Microsoft Windows client is configured to use
DH2048 using the registry value:


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters\NegotiateDH2048_AES256

This option is partially broken, and at rekey times, Windows will
fall back to its (very shamefully default weak) DH1024. This option
allows you to let Windows use this very broken weak perfect forward
secrecy protection anyway. Hopefully Windows will fix this soon.

This commit adds the policy option POLICY_MSDH_DOWNGRADE but does not
actually implement using this policy bit yet.



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit 6cabd90d8c4ff511e277e8b7df2bfd0c69a9bd4f
Author: Andrew Cagney 
Date:   Thu Mar 8 12:47:20 2018 -0500

testing: test corrupt SK payloads in AUTH packets

commit 8fe9c775b55cac3cc73b9436d5697c19fe16fff4
Author: Andrew Cagney 
Date:   Thu Mar 8 13:02:52 2018 -0500

crypto: make the offloading and starting SKEYSEED log messages different



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit 0f4ec685ea23f38738ec015f97b1d1751d8b1695
Author: Andrew Cagney 
Date:   Thu Mar 8 12:10:13 2018 -0500

ikev2: clean up logging of corrupt payloads



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit 82b96c9e0104fa78d9c6849600e60ed71e24336e
Author: Andrew Cagney 
Date:   Thu Mar 8 12:30:43 2018 -0500

look: strip trailing white space from xfrm policy output



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit 2989c79cc317a34558f4b667961865347d94270a
Author: Andrew Cagney 
Date:   Thu Mar 8 12:08:57 2018 -0500

testing: update expected xfrm policy output for a few tests



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit 24d1f0a198a377b10e0794ecabf4f189f7aeea79
Author: Andrew Cagney 
Date:   Thu Mar 8 11:13:06 2018 -0500

look: sort XFRM policy by PROTOCOL TYPE PRIORITY

Continuing d5f583c8cecce117b6d807362f6c28d6b7fc7047



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit 2a91eb78a61d72c277df2a9b8aff8c145567344b
Author: Andrew Cagney 
Date:   Mon Mar 5 20:46:33 2018 -0500

ikev2: split ikev2_parent_inI2outR2() into pre- and post-SKEYID parts

Once SKEYID has been computed call ikev2_process_state_packet()
letting the state machine finish decrypting and processing the packet

This fixes a bug where corrupt AUTH requests would cause the IKE SA
responder to re-compute g^{xy}.



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Andrew Cagney
New commits:
commit d5f583c8cecce117b6d807362f6c28d6b7fc7047
Author: Andrew Cagney 
Date:   Thu Mar 8 10:22:28 2018 -0500

look: sort XFRM policy by protocol then priority

Since IKEv4 and IKEv6 priorities are orthogonal.

Follow on to 035c00a030e09c2892111cc7ff1b33dc60fab54c which just
sorted things by priority.



[Swan-commit] Changes to ref refs/heads/master

2018-03-08 Thread Paul Wouters
New commits:
commit ed6c3a51cd4c107745d12b96c3559283485323d3
Author: Paul Wouters 
Date:   Wed Mar 7 14:05:02 2018 -0500

whack: add support for --name  to ipsec whack --trafficstatus

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit