| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | encoding: Remove DH public value verification from KE payload | Martin Willi | 2015-03-23 | 1 | -73/+0 |
| | | | | | | | | | This commit reverts 84738b1a and 2ed5f569. As we have no DH group available in the KE payload for IKEv1, the verification can't work in that stage. Instead, we now verify DH groups in the DH backends, which works for any IKE version or any other purpose. | ||||
| * | diffie-hellman: Add a bool return value to get_my_public_value() | Martin Willi | 2015-03-23 | 1 | -2/+8 |
| | | |||||
| * | encoding: Don't verify length of IKEv1 KE payloads | Tobias Brunner | 2015-03-20 | 1 | -0/+6 |
| | | | | | | | The verification introduced with 84738b1aed95 ("encoding: Verify the length of KE payload data for known groups") can't be done for IKEv1 as the KE payload does not contain the DH group. | ||||
| * | encoding: Verify the length of KE payload data for known groups | Martin Willi | 2015-03-18 | 1 | -0/+67 |
| | | | | | | | | IKE is very strict in the length of KE payloads, and it should be safe to strictly verify their length. Not doing so is no direct threat, but allows DDoS amplification by sending short KE payloads for large groups using the target as the source address. | ||||
| * | payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -4/+4 |
| | | | | | | The old identifiers did not use a proper namespace and often clashed with other defines. | ||||
| * | Use a generic encoding type for all variable length chunks | Martin Willi | 2012-03-20 | 1 | -2/+2 |
| | | |||||
| * | Add a payload.get_header_length() method, remove header length definitions | Martin Willi | 2012-03-20 | 1 | -5/+12 |
| | | |||||
| * | Simplify signature of get_encoding_rules(), make all rules static | Martin Willi | 2012-03-20 | 1 | -8/+5 |
| | | |||||
| * | Extended KE payload for IKEv1 support | Martin Willi | 2012-03-20 | 1 | -13/+53 |
| | | |||||
| * | Added member fields for reserved bits and bytes in all payloads | Martin Willi | 2011-01-05 | 1 | -10/+21 |
| | | |||||
| * | Migrated ke_payload to INIT/METHOD macros | Martin Willi | 2011-01-05 | 1 | -107/+59 |
| | | |||||
| * | Do not update payload length during generation, allows hooks override ↵ | Martin Willi | 2011-01-05 | 1 | -23/+3 |
| | | | | | payload length | ||||
| * | Moving charon to libcharon. | Tobias Brunner | 2010-03-19 | 1 | -0/+270 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |