|
81a329682b
|
ec25519-fhmqvc: use different handshake keys as initiator and responder
This ensures that even in the unlikely case of a crossed handshake fastd will
never establish two sessions with the same encryption key
|
2013-08-25 21:20:18 +02:00 |
|
|
464b4ed42e
|
ec25519-fhmqvc: put public and secret keys together in a keypair structure
|
2013-08-25 20:45:33 +02:00 |
|
|
9aff9fc56e
|
Fix typo in systemd unit description
|
2013-08-21 11:33:32 +02:00 |
|
|
4d2db5dbd2
|
OpenBSD doesn't support IPv4 on IPv6 sockets
|
2013-08-20 16:50:51 +02:00 |
|
|
d52f208d9f
|
Use v4-mapped addresses for IPv4 peers on IPv6 sockets
This is needed at least on FreeBSD
|
2013-08-20 16:16:55 +02:00 |
|
|
f6640a80f4
|
Prevent zero-before-free operations from being optimized out
|
2013-08-20 06:52:03 +02:00 |
|
|
d9dc87d840
|
Fix lots of -Wextra warnings
Everything clang and GCC warn about, except GCC's missing-field-initializers
which are just stupid as they don't allow {} syntax to zero a field.
|
2013-08-20 06:08:07 +02:00 |
|
|
3fd947a2d1
|
ec25519: add alignment attributes to all keys used as hash inputs
|
2013-08-19 03:31:57 +02:00 |
|
|
28c9b536f4
|
ec25519: reorder some code to fix a false-positive "may be used uninitialized" warning
|
2013-08-19 03:03:46 +02:00 |
|
|
ca94908db5
|
ec25519: minor code simplifications in handshake handling
|
2013-08-18 12:14:51 +02:00 |
|
|
efa0a3607f
|
Cache values calculated in the handshake response to reuse them in the finish handling
|
2013-08-17 10:54:21 +02:00 |
|
|
49cb21b22d
|
Make handshake records const uint8_t* instead of void*
This enforces explicit casting and thus avoids alignment problems.
|
2013-08-17 10:22:15 +02:00 |
|
|
00d7406fe2
|
Slightly improve the SHA256 API
|
2013-08-17 09:37:27 +02:00 |
|
|
f12681b09b
|
Check closedir return value
Just for the sake of completeness.
|
2013-08-17 02:49:53 +02:00 |
|
|
1ebbf81c00
|
Use readdir instead of readdir_r
readdir_r can be unsafe for very long filenames.
|
2013-08-17 02:34:44 +02:00 |
|
|
c2dd57d208
|
lex: fix scanning of IPv6 addresses
|
2013-08-16 06:24:48 +02:00 |
|
|
cab67b91b8
|
Fix segfault on single peer includes without name
|
2013-08-16 05:45:01 +02:00 |
|
|
0565d0e843
|
Always compile with -Wall (and fix other property settings)
|
2013-08-15 07:07:42 +02:00 |
|
|
d6b829effe
|
Don't require NaCl when it is not used
|
2013-08-15 06:54:32 +02:00 |
|
|
d6085504ce
|
Align sender key
Unaligned access might be a problem on some architectures, so it's better to
copy it to an aligned buffer before further handling the handshake.
|
2013-08-15 04:03:44 +02:00 |
|
|
1bb34487bf
|
Replace NaCl's HMAC implementation
|
2013-08-15 02:44:26 +02:00 |
|
|
6ecf69b6e6
|
Add small SHA256 implementation
The NaCl implementation has a code size of more than 10KiB.
|
2013-08-15 01:18:51 +02:00 |
|
|
e10944f8c9
|
Allow disabling redundant command line options
|
2013-08-14 19:12:45 +02:00 |
|
|
5ebebb3688
|
Change the order of the option handlers to match the option definition
|
2013-08-14 18:55:11 +02:00 |
|
|
0c6f6e9242
|
Reorder command line options in usage message and add separating empty lines
|
2013-08-14 18:49:27 +02:00 |
|
|
61cc8fdedc
|
lex: don't check for NULL before free
|
2013-08-14 04:44:31 +02:00 |
|
|
9929ac9123
|
lex: various fixes
|
2013-08-14 02:02:11 +02:00 |
|
|
bf721f718e
|
Implement new lexer that is not generated by flex to reduce code size
|
2013-08-14 01:19:33 +02:00 |
|
|
cd0f973cf6
|
lexer: reduce code size
|
2013-08-13 19:00:00 +02:00 |
|
|
88d6f0be57
|
lexer: simplify whitespace handling
|
2013-08-13 18:16:50 +02:00 |
|
|
4a65989064
|
lexer: simplify IPv6 address matching
|
2013-08-13 18:05:26 +02:00 |
|
|
d468ffff45
|
Add pre-up and post-down handlers
|
2013-08-12 18:54:16 +02:00 |
|
|
78de22fd21
|
Improve interface name handling
|
2013-08-12 18:34:11 +02:00 |
|
|
d351a2403c
|
Improve integer checks
|
2013-08-12 18:05:27 +02:00 |
|
|
02c3f0d648
|
Install signal handlers later so key generation can be interrupted
|
2013-08-12 17:54:14 +02:00 |
|
|
606f52e77d
|
config: check (and fix) some integer limits
|
2013-08-12 17:51:57 +02:00 |
|
|
8622d8625c
|
lexer: enter NEEDSPACE context after an IP address
|
2013-08-12 17:37:14 +02:00 |
|
|
3831c232a8
|
Fix librt check
|
2013-08-11 19:49:33 +02:00 |
|
|
fe344be938
|
Only link with librt when necessary
|
2013-08-11 19:21:03 +02:00 |
|
|
a5a567bd18
|
OpenBSD fastd_tuntap_open implementation
|
2013-08-11 19:03:37 +02:00 |
|
|
da2cea6559
|
Merge Linux and FreeBSD fastd_tuntap_{read,write} implementations
|
2013-08-09 00:10:16 +02:00 |
|
|
ca354d9e2e
|
Check for AI_ADDRCONFIG
|
2013-08-08 23:45:36 +02:00 |
|
|
16ca5451aa
|
Add some includes needed on OpenBSD
|
2013-08-08 23:23:12 +02:00 |
|
|
b38c76745c
|
aes128-gcm: don't restore buffer on verification failure
The buffer descriptor is a local variable and no buffer data is changed, so
there is nothing to restore before returning
|
2013-08-08 12:34:06 +02:00 |
|
|
6cf76ca46d
|
Use multi-af tun mode on FreeBSD to make IPv6 work on tun
|
2013-08-07 21:57:09 +02:00 |
|
|
dfac85a4ce
|
Fix segfault on --generate-key
|
2013-08-07 20:26:52 +02:00 |
|
|
86e4800428
|
Add FreeBSD implementation of fastd_tuntap_open()
|
2013-08-07 18:39:52 +02:00 |
|
|
1150b8a7bf
|
Unset msg_control when no ancillary data is to be sent
|
2013-08-07 05:39:50 +02:00 |
|
|
e3877b1103
|
Move tun/tap initialization to a dedicated source file
|
2013-08-07 05:00:37 +02:00 |
|
|
6662ce280f
|
Move some includes to compat.h
|
2013-08-07 04:48:25 +02:00 |
|