Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jul 13, 2012
  1. [test suite] Bug fix to account for libfko.dylib extension

    authored
    Richard Haas reported the test suite failing on Mac OS X systems with the
    existence check for the libfko library.  Damien Stuart advised that the library
    has a different extention '.dylib' on Mac OS X, so this change accounts for the
    difference.
Commits on Jul 10, 2012
  1. bumped version to 2.0.1-pre2

    authored
  2. added valgrind parsing note

    authored
Commits on Jul 9, 2012
  1. bumped version to 2.0.1-pre1

    authored
Commits on Jul 8, 2012
  1. Only cache replay digests for SPA packets that decrypt

    authored
    This change ensures that we only cache replay digests for those SPA packets
    that actually decrypt.  Not doing this would have allowed an attacker to
    potentially fill up digest cache space with digests for garbage packets.
  2. Bug fix for multi-stanza key use and replay attack detection

    authored
    This commit fixes a bug where the same encryption key used for two stanzas in
    the access.conf file would result in access requests that matched the second
    stanza to always be treated as a replay attack.  This has been fixed for
    the fwknop-2.0.1 release, and was reported by Andy Rowland.  Now the fwknopd
    server computes the SHA256 digest of raw incoming payload data before
    decryption, and compares this against all previous hashes.  Previous to this
    commit, fwknopd would add a new hash to the replay digest list right after
    the first access.conf stanza match, so when SPA packet data matched the
    second access.conf stanza a matching replay digest would already be there.
Commits on May 28, 2012
  1. gcc warning fix fox: fko_decode.c:43:17: warning: variable ‘edata_siz…

    authored
    …e’ set but not used [-Wunused-but-set-variable]
Commits on Jan 15, 2012
Commits on Jan 2, 2012
  1. removed old ChangeLog files

    authored
  2. bumped version to 2.0

    authored
  3. added FKO_CHECK_COMPILER_ARG_LDFLAGS_ONLY to fix ro-relocations and i…

    authored
    …mmediate binding protection compliation warnings on FreeBSD
  4. bumped version to 2.0

    authored
Commits on Dec 29, 2011
  1. @damienstuart

    Refactored configure.ac to use a custom macro for compiler flag checks.

    damienstuart authored Damien S. Stuart committed
    Set version to 2.0 (non-release candidate).
    Minor typo fixes.
Commits on Dec 13, 2011
Commits on Dec 6, 2011
  1. added local_spa.key file

    authored
  2. added local_spa.key file

    authored
Something went wrong with that request. Please try again.