[Swan-commit] Changes to ref refs/heads/master

D. Hugh Redelmeier hugh at vault.libreswan.fi
Fri Aug 10 20:24:30 UTC 2018 

New commits:
commit 59165f0a975e60b1c28a9626117300f53bf1e818
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Aug 10 16:21:58 2018 -0400

    testing: change Strongswan reference logs to reflect changes in c7cc3dbdd0782c157d2676740212c24e35c18415
    
    - Order of DPD vendor ID and FRAGMENTATION vendor ID is reversed

commit c7cc3dbdd0782c157d2676740212c24e35c18415
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Aug 10 16:07:20 2018 -0400

    pluto: improve next payload backpatching and start using it in IKEv1 code
    
    - backpatch target info is now in the PBS that will receive the payload.
      No searching is required.
    
    - backpatching better supports payloads within payloads
    
    - rename struct_desc's "np" (next payload) to "pt" (payload type)
      since this is about the current payload, not the next one.
    
    - make sure that every struct_desc used for payload output has a
      correct pt.  This meant the generic struct_desc should not be used.
      pt should only be explicitly initialized in a struct_desc for a
      payload.
    
    - the struct_desc pt field is now used at the start of out_struct,
      before the field loop.
    
    - ft_mnp (message next payload) is renamed ft_fcp (first contained
      payload) and can be used in more places, not just the IKE message
      header.
    
    - some backpatch problems are reported as expectation failures.
      This is an escalation from just appearing in debug logging.
      More checking is performed.
    
    - IKEv1 Vendor ID emitting is handled better: common routines are used
      instead of replicated and accidentally mutated code.
    
    - even more np calculation could be eliminated
    
    - scatter a lot more "const"s
    
    - use an empty struct (ikev2_encrypted_portion) as a wrapper PBS for
      encrypted payloads.  This requires some consideration of backpatching
      mechanism (see calls to move_pbs_previous_np()).
    
    - simplify ikev2_create_psk_auth() by eliminating a parameter
    
    - simplify ikev2_calculate_psk_sighash()
    
    - eliminate non-static array bounds ("hash_len") from
      ikev2_create_psk_auth() and ikev2_verify_psk_auth().
      This is (optonally) supported by compilers but the
      C Committee seems to consider it a mistake.
    
    - rename ikev2_np_cp_or_sa to ikev2_np_cp_or (awkward, but better
      reflects what it does).  This routine should be elminated.
    
    - simplify nat_traversal_insert_vid() by replacing struct state *
      parameter with a const struct connection * parameter
    
    - rename ikev2_record_fragments to ikev2_record_outbound_fragments
      to better reflect its function.
    
    - improved some logging

commit fdb390f0035070fc8b03cf124ccb12ac4428f289
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Aug 10 14:35:30 2018 -0400

    programs/pluto/ikev1_send.c: tweak whitespace

commit 9d56aac9b076ace3093df0b08686d53c1b627822
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Aug 10 14:31:05 2018 -0400

    addrtypeof.c: delete an unexpected blank line in source

commit f9b8292842149ac56f54574053342027153b6f95
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Aug 10 14:28:15 2018 -0400

    testing: fix spelling in a couple of description.txt files

More information about the Swan-commit mailing list