summaryrefslogtreecommitdiff
path: root/usr/src/lib/libipsecutil
AgeCommit message (Collapse)AuthorFilesLines
2022-03-1014443 resection manual pages per IPD4Richard Lowe3-18/+18
Reviewed by: Toomas Soome <tsoome@me.com> Reviewed by: Robert Mustacchi <rm@fingolfin.org> Reviewed by: Peter Tribble <peter.tribble@gmail.com> Reviewed by: Andy Fiddaman <andy@omnios.org> Approved by: Dan McDonald <danmcd@joyent.com>
2021-04-1513487 want mapfile-based assertions about symbol properties (fix SPARC)Toomas Soome1-3/+7
Reviewed by: Igor Kozhukhov <igor@dilos.org> Reviewed by: Andy Fiddaman <andy@omnios.org> Reviewed by: Klaus Ziegler <klausz@haus-gisela.de> Approved by: Robert Mustacchi <rm@fingolfin.org>
2021-04-0913487 want mapfile-based assertions about symbol propertiesRichard Lowe1-18/+34
Reviewed by: Robert Mustacchi <rm@fingolfin.org> Reviewed by: Jason King <jason.brian.king@gmail.com> Approved by: Dan McDonald <danmcd@joyent.com>
2020-05-0412454 remove lint library machineryRichard Lowe4-9/+5
Reviewed by: Andy Fiddaman <andy@omniosce.org> Reviewed by: Gordon Ross <gwr@nexenta.com> Approved by: Dan McDonald <danmcd@joyent.com>
2019-08-1611528 Makefile.noget can get goneJohn Levon1-1/+1
11529 Use -Wno-maybe-initialized Reviewed by: Peter Tribble <peter.tribble@gmail.com> Reviewed by: Toomas Soome <tsoome@me.com> Approved by: Robert Mustacchi <rm@joyent.com>
2019-02-1310361 usr/lib - stop lint library generation and packagingAndy Fiddaman1-32/+0
Reviewed by: Jason King <jason.king@joyent.com> Reviewed by: Peter Tribble <peter.tribble@gmail.com> Reviewed by: Frederik Wessels <wessels147@gmail.com> Approved by: Dan McDonald <danmcd@joyent.com>
2019-01-1410079 smatch Makefile changes for usr/src/libJohn Levon1-0/+2
Reviewed by: Andy Fiddaman <andy@omniosce.org> Approved by: Robert Mustacchi <rm@joyent.com>
2018-10-035159 ipsec_libssl_setup.c loads libcryptoJason King4-344/+35
Reviewed by: Andy Fiddaman <andy@omniosce.org> Reviewed by: Igor Kozhukhov <igor@dilos.org> Reviewed by: Toomas Soome <tsoome@me.com> Approved by: Dan McDonald <danmcd@joyent.com>
2018-02-148988 SADB_ACQUIRE proposals don't include mechanism salt lengthJason King1-4/+5
Reviewed by: Dan McDonald <danmcd@joyent.com> Reviewed by: Tim Kordas <tim.kordas@joyent.com> Reviewed by: Richard Lowe <richlowe@richlowe.net> Approved by: Gordon Ross <gordon.ross@nexenta.com>
2018-02-088989 Allow IKEV2 pf_key(7P) key management cookies to be updated after setJason King1-1/+3
Reviewed by: Dan McDonald <danmcd@joyent.com> Reviewed by: Richard Lowe <richlowe@richlowe.net> Approved by: Gordon Ross <gordon.ross@nexenta.com>
2018-01-168927 sadb_x_kmc_t's KM cookie should be 64-bits (fix improper upstream)Dan McDonald1-4/+10
2018-01-098927 sadb_x_kmc_t's KM cookie should be 64-bitsDan McDonald2-6/+32
Reviewed by: Jason King <jason.king@joyent.com> Reviewed by: Robert Mustacchi <rm@joyent.com> Reviewed by: Yuri Pankov <yuripv@gmx.com> Approved by: Richard Lowe <richlowe@richlowe.net>
2017-07-058456 libipsecutil: variable might be clobbered by longjmpToomas Soome1-3/+3
Reviewed by: Gary Mills <gary_mills@fastmail.fm> Reviewed by: Igor Kozhukhov <igor@dilos.org> Approved by: Dan McDonald <danmcd@joyent.com>
2012-09-222933 compiler warning gags need better granularityRichard Lowe1-0/+3
Reviewed by: Eric Schrock <eric.schrock@delphix.com> Approved by: Garrett D'Amore <garrett@damore.org>
2012-02-182077 lots of unreachable breaks in illumos gateMilan Jurik1-2/+1
Reviewed by: Dan McDonald <danmcd@nexenta.com> Reviewed by: Garrett D'Amore <garrett@damore.org> Approved by: Richard Lowe <richlowe@richlowe.net>
2010-06-246916796 OSnet mapfiles should use version 2 link-editor syntaxAli Bahrami1-11/+12
--HG-- rename : usr/src/cmd/sgs/libelf/common/mapfile-common => usr/src/cmd/sgs/libelf/common/mapfile-vers rename : usr/src/cmd/sgs/link_audit/i386/mapfile-vers-bindings => usr/src/cmd/sgs/link_audit/common/mapfile-vers-bindings rename : usr/src/cmd/sgs/link_audit/i386/mapfile-vers-perfcnt => usr/src/cmd/sgs/link_audit/common/mapfile-vers-perfcnt rename : usr/src/cmd/sgs/link_audit/i386/mapfile-vers-symbindrep => usr/src/cmd/sgs/link_audit/common/mapfile-vers-symbindrep rename : usr/src/cmd/sgs/link_audit/i386/mapfile-vers-truss => usr/src/cmd/sgs/link_audit/common/mapfile-vers-truss rename : usr/src/cmd/sgs/link_audit/i386/mapfile-vers-who => usr/src/cmd/sgs/link_audit/common/mapfile-vers-who rename : usr/src/common/mapfiles/i386/map.noexdata => usr/src/common/mapfiles/common/map.noexdata rename : usr/src/lib/libaio/sparc/mapfile-vers => usr/src/lib/libaio/common/mapfile-vers rename : usr/src/lib/libelfsign/common/mapfile.map => usr/src/lib/libelfsign/common/mapfile-vers rename : usr/src/lib/libpthread/sparc/mapfile-vers => usr/src/lib/libpthread/common/mapfile-vers rename : usr/src/lib/librt/amd64/mapfile-vers => usr/src/lib/librt/common/mapfile-vers rename : usr/src/lib/libsys/sparc/mapfile-vers => usr/src/lib/libsys/common/mapfile-vers rename : usr/src/lib/libthread/sparc/mapfile-vers => usr/src/lib/libthread/common/mapfile-vers
2010-04-19PSARC 2010/101 in.iked preshared key file extensionsPaul Wernau1-0/+2
6511591 Support at least remote-prefixes for preshared key entries
2010-04-12PSARC 2010/102 ikeadm dump algsVladimir Kotal1-3/+26
6927650 provide the list of DH groups in ikeadm 6927657 provide the list of algorithms offered by iked for IKE in ikeadm
2010-03-11PSARC 2010/055 ECP and RFC5114 groups for IKEBill Sommerfeld1-7/+16
6586320 RFC 4753 ECP groups needed for IKE 6900895 RFC 5114 ECP Diffie-Hellman groups 6897862 RFC 5114 integer modulus Diffie-Hellman groups
2009-12-226874992 in.iked does not use network byte order for IP address in sendto() callVladimir Kotal4-43/+254
6874983 ikedoor.h is not C++ safe 6885833 IPsec utilities should print lifetimes in human readable format 6889086 ikeadm reports kilobyte lifetimes with wrong units 6898492 iked should enforce lower maximum values for lifetimes 6897711 iked debug output should be less confusing for average sysadmin 6902926 SOFT kilobyte expires for inbound SAs should make it to userland and be reacted upon
2009-11-02PSARC/2008/252 Labeled IPsec phase 1Bill Sommerfeld5-13/+176
6886771 Labeled IPsec phase 1 6808727 Alignment error panic in tsol_can_accept_raw() 6894979 nightly -0 + -p builds then destroys SUNW0on
2009-10-20PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphersMark Fenwick3-18/+71
6704686 IPsec/ESP needs to support Combined mode ciphers 6704682 IPsec/ESP should use AES-CCM 6884664 IPsec/ESP should support AES-GCM Mode 6840342 ipsecalgs out of memory error 6764184 tab instead of space in sadb.h
2009-09-236881623 CRYPTO_num_locks() should be used instead of CRYPTO_NUM_LOCKSPaul Wernau2-15/+87
2009-07-016848192 get_ipsa_pair() does not always follow bucket lock entry rules, ↵Mark Fenwick2-13/+49
could potentially deadlock. 6846548 PF_KEY diagnostics need to be more specific 6853208 ipsecalgs(1m) does not cope when there are no algorithms registered. 6856693 sadb_update_sa() checks for duplicate SADB_UPDATE messages in the wrong place. 6846547 Faulty PF_KEY replies should not cause in.iked to halt
2009-05-286806387 Move OpenSSL from ON to SFWMark Phalan1-2/+0
2009-04-246824443 Make in.iked a 64-bit process when possible.Dan McDonald1-2/+17
2009-03-186520458 ikeadm should have command line history capabilitiesVladimir Kotal3-16/+118
4313953 ipseckey(1m) needs line editing support. 6814629 ipseckey should employ strict checking for {dump,flush} commands
2009-02-106798660 Cadmium .NOT file processing problem with CWD relative file pathsAli Bahrami1-2/+14
Contributed by Richard Lowe 6785284 Mapfile versioning rules need to be more visible to gatelings 6800164 Standard file exclusion mechanism needed for Cadmium tools
2009-01-21PSARC 2008/525 ikeadm token loginPaul Wernau2-6/+57
6219638 in.iked(1m) should not have to read PKCS#11 pins off-disk 6780866 ikeadm should use authorizations
2008-11-216449514 move OpenSSL from /usr/sfw to /usr, /libJohn.Zolnowsky@Sun.COM1-5/+0
6457487 clean up Makefile for cmd/openssl 6686002 move /usr/lib/libkmf and plugins to /lib - PSARC 2007/674 6686004 move libcryptoutil and libelfsign from /usr/lib to /lib - PSARC 2007/674 6700122 cryptosvc should be able to start before filesystem/usr
2008-09-29PSARC 2008/523 IPsec session failoverThejaswini Singarajipura3-12/+117
6398024 IPsec should support session failover across machines 6545486 PF_KEY needs to set an SA's sequence number
2008-08-136728539 64-bit version of libipsecutilDan McDonald6-62/+110
2008-07-156724924 memory leak plugging subverted ASN.1 printing functionality in ↵vk1998391-10/+13
ikeadm/ipseckey
2008-07-096719641 RFC 3947 section 7 (port-reassignment) on paired-ESP and IKE SAs on ↵danmcd1-0/+2
the non-NAT side.
2008-05-20PSARC/2008/232 Paired IPsec Security Associationsmarkfen1-0/+46
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm 6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock 6628201 Inbound and Outbound IPsec SA's should be treated as a pair. 6643439 check_rule() in in.iked does not sanity check kilobyte based lifetime values 6668752 ikeadm(1m) get defaults displays wrong value for p2_softlife_kb 6669211 Need a way to disable Soft Expires when using in.iked(1m) 6670612 sadb_address_proto and sadb_address_prefixlen need to be initialized in NAT_T extensions. 6674203 Ordering of src/dst address extensions in pf_key messages is inconsistent. 6676436 ipseckey(1m) error messages could be less cryptic 6683004 Updating hard_usetime on an IPsec SA will cause it to evaporate. 6703265 in.iked can dump core if avl_nearest() returns NULL
2008-05-126699935 memory leak in print_asn1_name()vk1998391-0/+7
2008-02-29PSARC 2008/014 SHA-2 support for IPsec and IKEdanmcd1-1/+4
6586319 Need to enable SHA-256,384,512 support in AH, ESP, and IKE 6663271 sha2_mac_verify_atomic() function is missing SHA384 exceptions
2008-02-296658263 ipseckey and ikeadm don't print ASN.1 ID valuespwernau5-7/+273
2008-01-256653436 iked should be more resilient to ipsecalgs contentsvk1998391-3/+9
2007-10-245053475 certlib_load() error messages need improving.pwernau1-0/+5
6614180 file permissions on public keys and CRLs should be more open 6614741 keying material with insecure permissions should not be trusted
2007-10-106516622 ACQUIRE-specified lifetimes are now ignored by in.ikedmarkfen1-0/+4
6609988 superfluous debugging in isakmp_udp.c 6612767 Logfile time stamp for in.iked a bit OTT 6612771 Some in.iked messages contain information thats no longer useful
2007-09-04PSARC 2007/449 Detangle IPsec NAT Traversaldanmcd2-8/+18
6481450 nattymod calls putnext() on a freed queue. 6558864 remove nattymod 6558870 Implement SA last-used time and idle actions 6582318 "mandatory" is spelled wrong in pfiles 6584011 save_assoc() gets confused w.r.t. "proto". 6588015 Missing "encap udp" must be better diagnosed by ipseckey(1M). 6595368 Need "ipsec-nat-t" in /etc/services 6595877 ipseckey(1M) can produce output it can't read back in (line-too-big) --HG-- rename : usr/src/uts/common/inet/ip/nattymod.c => deleted_files/usr/src/uts/common/inet/ip/nattymod.c rename : usr/src/uts/intel/nattymod/Makefile => deleted_files/usr/src/uts/intel/nattymod/Makefile rename : usr/src/uts/sparc/nattymod/Makefile => deleted_files/usr/src/uts/sparc/nattymod/Makefile
2007-08-18PSARC/2006/662 Make err/warn part of Solaris's libcvk1998396-215/+45
6495220 add err() et al. to libc --HG-- rename : usr/src/lib/libipsecutil/common/err.h => usr/src/head/err.h rename : usr/src/lib/libipsecutil/common/err.c => usr/src/lib/libc/port/gen/err.c
2007-08-156585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY ↵pwernau2-244/+270
message contents
2007-07-306576171 ipsec_kmc_map file processing is brokendanmcd1-2/+6
2007-07-25PSARC/2007/409 RFC 3526 Diffie-Hellman groups for IKEmarkfen1-0/+6
4886779 RFC 3526 Diffie-Hellman groups for IKE
2007-05-296561665 ipseckey -f does not understand "flush" keyword anymorepwernau2-44/+55
2007-05-14PSARC 2007/200 - Dedicated SMF services for IPsec/IKEmarkfen5-52/+310
6185380 IPsec should be a separate (set) of smf(5) services 6440610 missing preshared remoteid line causes in.iked core dump on reading config 6462741 ipsecconf should have an option to check config file syntax 6467954 ipseckey exit code on failure inconsistent 6468456 ipsecconf uses strcpy() 6479903 in.iked with SMF should use _enter_daemon_lock() 6488927 ipseckey(1M) could do a better job of dealing with multiple errors 6497802 in.iked should use smf(5) properties instead of /etc/default/ipsec 6519836 ipseckey, ipsecconf require uid == 0, but configured to use profile 6529086 ipsec utilities can't deal with large files 6538478 Timestamp in in.iked debug output does not understand daylight savings time 6542255 in.iked can dump core when forced to load a new ike.preshared file with ikeadm. 6543263 ikeadm uses strcpy() 6543267 ipseckey uses strcpy() 6544087 memory leak with preshared key reloading --HG-- rename : usr/src/cmd/cmd-inet/usr.sbin/ikeadm.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikeadm.c rename : usr/src/cmd/cmd-inet/usr.sbin/ikecert.sh => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikecert.sh rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecalgs.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecalgs.c rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c rename : usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
2007-04-196500413 libipsecutil uses gettext() instead of dgettext()markfen4-371/+497
2007-02-076520181 in.iked leaks memory when parsing config with duplicate encr_algvk1998391-2/+4
6520196 ikeadm cannot configure keysizes 6520197 ikeadm should print keysizes of algorithms
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-09 02:55:07 +0000