[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Paul Wouters
New commits:
commit d492eb5666f45d517dbdcfe283ab2d1e74341f74
Author: Paul Wouters 
Date:   Mon Jan 21 22:40:33 2019 -0500

pluto: AH rekeying has no encrypter - don't assume one

commit 05c122a14cd0a5ce8eec9695c413c47d0dbd3e08
Author: Paul Wouters 
Date:   Mon Jan 21 22:39:37 2019 -0500

testing: interop-ikev2-strongswan-01-ah-algo-responder add AH rekey test

commit 9a1fc2e175347de99bc1c86a9ad3b45654774301
Author: Paul Wouters 
Date:   Mon Jan 21 21:38:10 2019 -0500

testing: various updates of many test cases

- related to no longer loading all certs on both ends
- some strongswan updates
- some logging "Message ID:" updates
- fragment number changes

commit baed5cadf45234eb16c077676dba8387ca2a8ea1
Author: Paul Wouters 
Date:   Mon Jan 21 19:42:05 2019 -0500

testing: fixup interop-ikev2-strongswan-39-fragmentation-aes-gcm but still failing

It looks like we send the right ID from libreswan, but strongswan receives it
properly, yet rejects it oddly enough?

commit 1a4c4b340af3a48f73eb731233d538cd884e64ec
Author: Paul Wouters 
Date:   Mon Jan 21 19:28:53 2019 -0500

testing: minor updates to VTI test cases and newoe-18-poc-poc

commit 98e6c8853f16fd0fbde9b3bfa1896bd2006a4b63
Author: Paul Wouters 
Date:   Mon Jan 21 19:27:04 2019 -0500

testing: fixup RSA-PSS test cases

These are not using a CA, but depend on having preloaded certificates.
However, in ipsec.conf.common we had removed this recently, as it was
interfering with tests of CERT payloads over IKE. So now these tests
load the certs explicitly on the libreswan endpoint. Also some minor
output updates for strongswan

commit 1e7bab6258b9d35f227754a3dcbbccf1c94bdb8e
Author: Paul Wouters 
Date:   Mon Jan 21 18:00:38 2019 -0500

testing: l2tp-0[12] fixup ppp config, and byte counter change

commit aeda565bc216df7e69369516a1edd39449d83679
Author: Paul Wouters 
Date:   Mon Jan 21 17:22:12 2019 -0500

testing: fixup newoe-21-liveness-clear to exclude accidental grep of new log msgs

commit bd23d7d8fc4a04187c8d1b723f21470b2a1805f8
Author: Paul Wouters 
Date:   Mon Jan 21 17:19:02 2019 -0500

testing: fixup ikev2 in netkey-vti-09

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Andrew Cagney
New commits:
commit 69d0a467bebf6d992ea48cc4cc6d05ca9edf8e7c
Author: Andrew Cagney 
Date:   Mon Jan 21 18:26:02 2019 -0500

state: move insert_state()'s refresh_state() call to call sites

Split adding a state to the DB (can happen far earlier) and calling
log_state() to execute PLUTO_STATS_BINARY.

Suspect many of the reset_state() calls are redundant.  For instance,
in the code sequence:

  change_state(st, new-state);
  insert_state(st);
  refresh_state(st);

change_state() has already called log_state().

Suspect the log_state() feature isn't tested.



[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Andrew Cagney
New commits:
commit 5e9c39ca9551dffd61c20c41a1d52321f17b4d99
Author: Andrew Cagney 
Date:   Tue Jan 8 21:16:08 2019 -0500

logging: replace LSWBUF_ARRAY() with buf = array_as_fmtbuf(...)

commit c69dc250051c98135a18a8ec79f7e9165f56c5df
Author: Andrew Cagney 
Date:   Fri Dec 14 15:21:30 2018 -0500

logging: move struct lswlog to fmtbuf.[hc] and define opaque fmtbuf_t type

Wrap old calls.  Better separate a formatted string buffer from
the logging code.



[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Andrew Cagney
New commits:
commit 0f034c5f5be7d8c9f33946ff806c4ae294a07058
Author: Andrew Cagney 
Date:   Mon Jan 21 18:02:10 2019 -0500

state: pass the IKE SPIi and SPIr to new_state()

This means new_state() has everything it needs to add the state
to the IKE SPI[ir] tables (contrary to what insert_state() claims).

For IKEv1, rename new_v1_state() to new_v1_istate() (I for initiator)
matching the existing new_v1_rstate() (R for responder I guess).

For IKEv2, pass SPI[ir] explicitly.



[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Andrew Cagney
New commits:
commit 821f69b181b576eb438660d1398b8f59eebf22c8
Merge: d5f8799 e7303b7
Author: Andrew Cagney 
Date:   Mon Jan 21 14:19:53 2019 -0500

state: add generic state_by_ike_spis(ike_spis_t) function, use

Abstract searching the IKE_SPIs table (i.e., hide assumption that the
table is implemented using a hash function).

(It should be noted that some of the lookups, such as for
find_state_ikev2_child() seem far more complex than needed)

Merge commit 'e7303b79443692ff320f0a42df27b8e938229053'

commit e7303b79443692ff320f0a42df27b8e938229053
Author: Andrew Cagney 
Date:   Thu Jan 17 13:07:10 2019 -0500

state: make ike_spis_slot() static, delete ike_spi_slot()

commit 20267fd7123248a954cb03128f927f61afc7baf9
Author: Andrew Cagney 
Date:   Wed Jan 9 13:40:43 2019 -0500

state: implement delete_my_family() using state_by_ike_spis()

commit 87a5fc6fddebba339b4d3feef65993a589b08729
Author: Andrew Cagney 
Date:   Fri Jan 18 11:18:14 2019 -0500

ikev2: implement v2_migrate_children() using state_by_ike_spis()

commit c98719758d1179f9f6cd7bb739e5c2fac6641384
Author: Andrew Cagney 
Date:   Fri Jan 18 11:12:27 2019 -0500

ikev1: add find_v1_info_state(ike_spis_t), use state_by_ike_spis()

Replaces ikev1_find_info_state().

commit f3df71091996a2a18462637c2b0880d08c10a970
Author: Andrew Cagney 
Date:   Fri Jan 18 11:04:49 2019 -0500

ikev2: implement find_v2_child_sa_by_outbound_spi() using state_by_ike_spis()

commit 2d1f6989bb6158f81a38598308557fcc298b
Author: Andrew Cagney 
Date:   Fri Jan 18 10:57:57 2019 -0500

ikev2: pass ike_spis_t to find_state_ikev2_child(), use state_by_ike_spis()

commit 7879bfae2dd2d131ecad759c03fbe4cf76235a48
Author: Andrew Cagney 
Date:   Thu Jan 17 14:41:13 2019 -0500

ikev2: implement DBG_v2_sa_by_msgid(SPI[ir]) using state_by_ike_spis()

Replaces DBG_v2_sa_by_message_id(SPIi, SPIr, ...).

commit 5b4b64c7b6bedbbd6d6a6a1f81cf22ae4446d3f3
Author: Andrew Cagney 
Date:   Thu Jan 17 14:30:20 2019 -0500

ikev2: in v2_expire_unused_ike_sa() use state_by_ike_spis() when searching for any child

commit e720a3e10aaf8df40baf8315ffe571d9ac10c370
Author: Andrew Cagney 
Date:   Mon Jan 14 15:14:26 2019 -0500

ikev2: pass ike_spis_t to find_v2_ike_sa(), implement using state_by_ike_spis()

commit 34fc773a4f35b2c1ed567bdb629f6cf317da5690
Author: Andrew Cagney 
Date:   Thu Jan 10 14:29:31 2019 -0500

ikev1: pass ike_spis_t to find_state_ikev1(), use generic lookup

commit 84e1fb1b6e79d5d72571f35177a7b4fb9957dce5
Author: Andrew Cagney 
Date:   Thu Jan 10 14:06:11 2019 -0500

state: add generic state_by_ike_spis() function



[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Andrew Cagney
New commits:
commit d5f879904fc24ceedce1854e90f92ec2a59b9112
Author: Andrew Cagney 
Date:   Mon Jan 21 13:53:08 2019 -0500

testing: replace delete-on-retransmit with suppress-retransmits

See a3680f7b4248bffa9232fe4fb7b5abcbb9c5e4cc



[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Paul Wouters
New commits:
commit 32dcdaaf17dd8b0f5fe137485c6d1a1e62bbba8d
Author: Paul Wouters 
Date:   Mon Jan 21 10:38:07 2019 -0500

testing: interop-ikev2-strongswan-04-x509-responder-certreq add empty console text



[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread Paul Wouters
New commits:
commit 286aad6e6ee24907d440653edd2a046d03119534
Author: Paul Wouters 
Date:   Mon Jan 21 10:33:44 2019 -0500

testing: add empty consoles for ikev2-26-keyingtries

this test fails, but should not say "unchecked".



[Swan-commit] Changes to ref refs/heads/master

2019-01-21 Thread D. Hugh Redelmeier
New commits:
commit abb02a4e3a9d4403151aae29cc6b7bc27dcabac3
Author: D. Hugh Redelmeier 
Date:   Mon Jan 21 10:14:06 2019 -0500

Pluto: a little bit of weeding

- reduce heap use

  + Hashes fit in a buffer of modest and bounded size.  If the
    lifetime of the buffer suits stack allocation, use auto.
    This reduces code complexity and the real chance of leaks.
        ikev2_calculate_ecdsa_hash
        ikev2_verify_ecdsa_hash (a leak eliminated)

  + replace create_unified_ppk_id with emit_unified_ppk_id
    so no heap-allocated chunk is required.  Simpler too.

- delay heap use

  + move chunk cloning to caller of rfc_resource_record_to_rsa_pubkey

  + unsure of unpack_ECDSA_public_key so added ??? comment

- use bool-valued expression in boolean contexts (don't use pointers
  or ints; result of bitwise operator OK)

- reduce scope of autos; don't reuse autos

- add a couple of ??? comments

- in a function definition, if the argument list is too long for one
  line, put each argument on its own line.
        crypt_hash_init,
        crypt_hash_digest_bytes

- sprinkle const

- in ikev2_ecdsa.c: sporadic use of FALSE and TRUE replaced by false
  and true.

- use size_t for sizes, even though previous unsigned int would work:
  this makes it clearer that variable is about sizes.

- spelling
