OpenBSD CVS

CVS log for src/sbin/isakmpd/ipsec.h



Default branch: MAIN


Revision 1.27, Wed Nov 8 13:33:49 2017 UTC (6 years, 7 months ago) by patrick
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, HEAD
Changes since 1.26: +2 -1 lines

In the final RFC 5903 the computation for the DH shared secret changed.
Instead of the full point, only the X point is included.

The member g_xy is always the shared secret but so far its buffer has
been allocated using the size of the public points.  Since this is a
different size now, as the shared secret for EC Groups should only store
the x point, we need another member to specify the length of g_xy.

Since this is a backwards incompatible change older isakmpds won't be
able to negotiate if you use EC groups.  Bump the version of our own
vendor tag so peers can try to keep compatibility based on the presented
tag.  This could be used to implement backwards compatibility to
older isakmpds.

Prompted by and ok mpi@

Revision 1.26, Fri Jun 2 18:08:56 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7, OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.25: +64 -63 lines

Big whitespace cleanup.

Revision 1.25, Fri Apr 8 16:52:41 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.24: +1 -5 lines

always enable aggressive, dpd, and isakmp_cfg

Revision 1.24, Sun May 23 18:17:56 2004 UTC (20 years ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7, OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.23: +14 -18 lines

More KNF.  Mainly spaces and line-wraps, no binary change.

ok ho@

Revision 1.23, Thu Apr 15 18:39:25 2004 UTC (20 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.22: +104 -100 lines

partial move to KNF.  More to come.  This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process.  ok ho hshoexer

Revision 1.22, Wed Jun 4 07:31:17 2003 UTC (21 years ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5, OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.21: +1 -6 lines

Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos
D. Keromytis and Niels Provos.

Revision 1.21, Sun Jun 9 08:13:06 2002 UTC (22 years ago) by todd
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.20: +2 -2 lines

rm trailing whitespace

Revision 1.20, Sat Jun 8 23:09:46 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.19: +3 -2 lines

add cfg_type

Revision 1.19, Wed Aug 22 08:49:00 2001 UTC (22 years, 9 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1, OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.18: +2 -1 lines

Add ipsec_id_string, a function for converting IDs to one possible
string form, to be used for IKE mode config and raw key selection by ID.
Not yet used though.

Revision 1.18, Sun Jul 1 20:43:39 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.17: +19 -5 lines

ISAKMP configuration, a.k.a IKECFG or "mode-config", protocol implementation.
Disabled, has no configuration mechanism yet.  This will be used for roaming
users, who are going to get parameters like IP-address and nameserver from its
peer, very much like DHCP, but securely inside an ISAKMP connection and still
in time before negotiation of IPsec connections.  You may see stylistic fixes
in this commit too.  Add some not yet used Makefile magic to deal with
DNSSEC-enabled OpenSSL too.  The IKECFG code work was sponsored by Gatespace Inc.
Thank you!  Configuration will come very soon, btw.

Revision 1.17, Fri Jun 29 04:12:00 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.16: +9 -8 lines

Initial IPv6 support. (niklas@ ok)

Revision 1.16, Wed Jun 27 03:31:41 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.15: +2 -2 lines

Consistently use "IPsec" capitalization (jsyn@nthought.com)

Revision 1.14.2.1, Tue May 8 12:45:23 2001 UTC (23 years, 1 month ago) by ho
Branch: OPENBSD_2_8
Changes since 1.14: +7 -3 lines

Pull in isakmpd from 2.9 to 2.8 branch.

Revision 1.15, Tue Dec 12 01:44:59 2000 UTC (23 years, 6 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.14: +7 -3 lines

Merge with EOM 1.42

author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).

Revision 1.14, Thu Aug 3 07:24:48 2000 UTC (23 years, 10 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.13: +6 -2 lines

Merge with EOM 1.41

author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@

Revision 1.13, Tue Feb 1 02:46:18 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7
Changes since 1.12: +3 -2 lines

apps/certpatch/certpatch.8: Merge with EOM 1.4
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46

author: niklas
Angelos copyrights

Revision 1.12, Wed Jan 26 15:25:01 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.11: +3 -2 lines

Merge with EOM 1.39

author: angelos
Oops on previous PFS-policy patch. Small fixes in the manpages.

Revision 1.11, Thu Aug 5 22:41:31 1999 UTC (24 years, 10 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.10: +5 -2 lines

Merge with EOM 1.38

author: niklas
Fix no ID in QM, when acting as responder, bug

Revision 1.10, Wed Jul 7 22:13:08 1999 UTC (24 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.9: +3 -2 lines

ipsec.c: Merge with EOM 1.113
ipsec.h: Merge with EOM 1.37

author: niklas
Add a function giving the size of a certain ID-payload

Revision 1.9, Sun May 2 19:20:33 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.8: +4 -2 lines

BUGS: Merge with EOM 1.31
doi.h: Merge with EOM 1.27
ike_auth.c: Merge with EOM 1.30
ike_quick_mode.c: Merge with EOM 1.85
ipsec.c: Merge with EOM 1.107
ipsec.h: Merge with EOM 1.36
isakmp_doi.c: Merge with EOM 1.39

author: niklas
Factor out keyed hashing of all payloads with SKEYID_a, and make DOI hooks
for informational exchanges to add such hashing.  Use it from QM and the IKE
authentication module too.  Remove some bogus XXX comments.  Add error
reporting

Revision 1.8, Tue Apr 27 21:11:54 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.7: +3 -2 lines

ike_aggressive.c: Merge with EOM 1.2
ike_main_mode.c: Merge with EOM 1.77
ipsec.h: Merge with EOM 1.35

author: niklas
Send out INITIAL-CONTACT notifications

Revision 1.7, Mon Apr 19 19:54:54 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.6: +3 -3 lines

./app.c: Merge with EOM 1.5
./gmp_util.c: Merge with EOM 1.3
./asn_useful.c: Merge with EOM 1.11
./attribute.c: Merge with EOM 1.9
./constants.c: Merge with EOM 1.7
./doi.h: Merge with EOM 1.25
./doi.c: Merge with EOM 1.4
./field.c: Merge with EOM 1.9
./init.c: Merge with EOM 1.13
./isakmp_doi.c: Merge with EOM 1.35
./prf.c: Merge with EOM 1.6
./util.c: Merge with EOM 1.14
./app.h: Merge with EOM 1.4
./conf.h: Merge with EOM 1.8
./ipsec.h: Merge with EOM 1.34
./ipsec_doi.h: Merge with EOM 1.10
./pkcs.h: Merge with EOM 1.8
./sysdep.h: Merge with EOM 1.15

1999 copyrights

Revision 1.6, Wed Mar 31 14:27:37 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.5: +3 -3 lines

ipsec.c: Merge with EOM 1.86
ipsec.h: Merge with EOM 1.33
pf_encap.c: Merge with EOM 1.52
pf_key_v2.c: Merge with EOM 1.3

Fix case of missing client ID payloads, a case the standards allow.  Thanks
to Michael Paddon (mwp@aba.net.au) for the diffs I based my fix upon.  His
diff also made me realize I stored the address information in host order in
internal structures where I had planned to use network order.  Fix this,
and remove the XXXes I had due to this elsewhere.  Add commentary.

Revision 1.5, Fri Feb 26 03:44:04 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.4: +9 -2 lines

Merge from the Ericsson repository
| revision 1.32
| date: 1999/02/25 09:30:26;  author: niklas;  state: Exp;  lines: +4 -1
| Replay protection window configurable
| ----------------------------
| revision 1.31
| date: 1999/02/14 00:21:12;  author: niklas;  state: Exp;  lines: +2 -1
| Find relevant SAs out of IPsec expiration info.  Do not automatically rekey.
| ----------------------------
| revision 1.30
| date: 1999/01/31 01:17:01;  author: niklas;  state: Exp;  lines: +4 -1
| splitup ipsec_build_id into more useful API
| ----------------------------

Revision 1.4, Mon Dec 21 01:02:25 1998 UTC (25 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.3: +15 -2 lines

Last months worth of work on isakmpd, lots done

Revision 1.3, Tue Nov 17 11:10:13 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.2: +2 -1 lines

Add RCS Ids from the EOM repository

Revision 1.2, Sun Nov 15 00:43:56 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.1: +1 -1 lines

OpenBSD RCS IDs

Revision 1.1.1.1 (vendor branch), Sun Nov 15 00:03:48 1998 UTC (25 years, 7 months ago) by niklas
Branch: NIKLAS
CVS Tags: NIKLAS_981114
Changes since 1.1: +0 -0 lines

Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems.  It is not yet complete or usable in a real scenario
but the missing pieces will soon be there.  The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete.  It is really mostly configuration that
is lacking.

Revision 1.1, Sun Nov 15 00:03:48 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN

Initial revision
