[Swan-commit] Changes to ref refs/heads/master
New commits:

commit fc618e76bce0240ab1cd80274335af1d9cda5d50
Author: Andrew Cagney
Date: Thu Mar 8 14:34:12 2018 -0500

    testing: add bad payload tests

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 4990611ee483672b82083106a954100cb55033b4
Author: Andrew Cagney
Date: Thu Mar 8 14:32:13 2018 -0500

    testing: test unknown payload inside of AUTH's SK payload
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit a11eb3203e0aca6506038fdfb72a169cbf6240e4
Author: Andrew Cagney
Date: Thu Mar 8 14:20:59 2018 -0500

    ikev2: if AUTH reply contains unknown critical or invalid notification, delete state
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 6e40294972153dd4398977aecd7c6d85bd97359e
Merge: d58bf28 9c3e9ae
Author: Tuomo Soini
Date: Thu Mar 8 21:11:29 2018 +0200

    Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan

commit d58bf2852f5d84c5b6703a9153d9eb041d2c1b6b
Author: Tuomo Soini
Date: Thu Mar 8 20:40:13 2018 +0200

    CHANGES: * IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo]

commit 9e05e6de4db48d7efa7236e87519be3e8ced43c4
Author: Tuomo Soini
Date: Thu Mar 8 20:35:49 2018 +0200

    ikev2_parent.c: change liveness check response handling to be DBG_DPD

    Also clean up code to be more readable.

commit 2211f4f86bef70685a231ea0fc3a47b1147a3911
Author: Tuomo Soini
Date: Thu Mar 8 20:33:48 2018 +0200

    IKEv2: clarify comment about liveness response handling

commit ab38a8843fce429890cb146bc88ae52ec7a51025
Author: Tuomo Soini
Date: Thu Mar 8 20:01:21 2018 +0200

    Revert "IKEv2: Remove duplicate action on liveness. This was already done"

    This reverts commit 048102cb731b6803ca7281d00b4cc054918a4a4e.

    This commit causes regression and ikev2 liveness checks cause tunnel
    to go down if tunnel is idle because processing won't happen correctly.
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 9c3e9ae9206d3bca637032c7f44ce93aa87094f2
Author: Paul Wouters
Date: Thu Mar 8 22:42:29 2018 +0400

    testing: update for sha2_truncbug output moving from bool to policy bit

commit 976d1199cf251f0d00058b7964842e45cd3242a2
Author: Paul Wouters
Date: Thu Mar 8 22:41:21 2018 +0400

    pluto: clean up sha2_truncbug=yes code

    Don't use a bool in whack_message and connection, just use a policy bit.

commit 221450c8e54cec15810e2cf2b13adb4677b75653
Author: Paul Wouters
Date: Thu Mar 8 22:19:38 2018 +0400

    testing: rename ikev2-algo-sha2-08 -> ikev2-algo-sha2-08-truncbug

commit a031270cefc7a6dc197f2781777aa05b5ad5ebdd
Author: Paul Wouters
Date: Thu Mar 8 21:44:20 2018 +0400

    pluto: add msdh-downgrade=yes|no (default no) configuration option

    This option stands for Microsoft DiffieHellman Downgrade. It is required
    for when a Microsoft Windows client is configured to use DH2048 using
    the registry value:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters\NegotiateDH2048_AES256

    This option is partially broken, and at rekey times, Windows will
    fall back to its (very shamefully default weak) DH1024. This option allows
    you to let Windows use this very broken weak perfect forward secrecy
    protection anyway. Hopefully Windows will fix this soon.

    This commit adds the policy option POLICY_MSDH_DOWNGRADE but does not
    actually implement using this policy bit yet.
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 6cabd90d8c4ff511e277e8b7df2bfd0c69a9bd4f
Author: Andrew Cagney
Date: Thu Mar 8 12:47:20 2018 -0500

    testing: test corrupt SK payloads in AUTH packets

commit 8fe9c775b55cac3cc73b9436d5697c19fe16fff4
Author: Andrew Cagney
Date: Thu Mar 8 13:02:52 2018 -0500

    crypto: make the offloading and starting SKEYSEED log messages different
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 0f4ec685ea23f38738ec015f97b1d1751d8b1695
Author: Andrew Cagney
Date: Thu Mar 8 12:10:13 2018 -0500

    ikev2: clean up logging of corrupt payloads
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 82b96c9e0104fa78d9c6849600e60ed71e24336e
Author: Andrew Cagney
Date: Thu Mar 8 12:30:43 2018 -0500

    look: strip trailing white space from xfrm policy output
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 2989c79cc317a34558f4b667961865347d94270a
Author: Andrew Cagney
Date: Thu Mar 8 12:08:57 2018 -0500

    testing: update expected xfrm policy output for a few tests
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 24d1f0a198a377b10e0794ecabf4f189f7aeea79
Author: Andrew Cagney
Date: Thu Mar 8 11:13:06 2018 -0500

    look: sort XFRM policy by PROTOCOL TYPE PRIORITY

    Continuing d5f583c8cecce117b6d807362f6c28d6b7fc7047
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit 2a91eb78a61d72c277df2a9b8aff8c145567344b
Author: Andrew Cagney
Date: Mon Mar 5 20:46:33 2018 -0500

    ikev2: split ikev2_parent_inI2outR2() into pre-and post SKEYID parts

    Once SKEYID has been computed call ikev2_process_state_packet()
    letting the state machine finish decrypting and processing the packet

    This fixes a bug where corrupt AUTH requests would cause the IKE SA
    responder to re-compute g^{xy}.
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit d5f583c8cecce117b6d807362f6c28d6b7fc7047
Author: Andrew Cagney
Date: Thu Mar 8 10:22:28 2018 -0500

    look: sort XFRM policy by protocol then priority

    Since IKEv4 and IKEv6 priorities are orthogonal.

    Follow on to 035c00a030e09c2892111cc7ff1b33dc60fab54c which just
    sorted things by priority.
[Swan-commit] Changes to ref refs/heads/master
New commits:

commit ed6c3a51cd4c107745d12b96c3559283485323d3
Author: Paul Wouters
Date: Wed Mar 7 14:05:02 2018 -0500

    whack: add support for --name to ipsec whack --trafficstatus