Commits on Feb 18, 2015
Commits on Dec 4, 2014
  1. add Grant Pannell

Commits on Sep 28, 2014
  1. Use the fwknop User-Agent for wget SSL external IP resolutions

    Bug fix to ensure that a User-Agent string can be specified when the
    fwknop client uses wget via SSL to resolve the external IP address. This
    closes issue #134 on github reported by Barry Allard. The fwknop now
    uses the wget '-U' option to specify the User-Agent string with a
    default of "Fwknop/<version>". In addition, a new command line argument
    "--use-wget-user-agent" allows the default wget User-Agent string to
    apply instead.
Commits on Sep 4, 2014
Commits on Aug 22, 2014
  1. ChangeLog update for FCS bug fix

Commits on Jul 19, 2014
  1. [server] Bug fix for PF firewalls without ALTQ support on FreeBSD.

    With this commit PF rules are added correctly regardless of whether ALTQ support
    is available or not. Thanks to Barry Allard for discovering and reporting this
    issue. Closes issue #121 on github.
Commits on Apr 14, 2014
Commits on Mar 4, 2014
  1. Updated authorship and copyright information

    This commit updates all authorship and copyright information to include a
    standard header that references the AUTHORS and CREDITS file. This standard
    header was written by the Debian legal team at the request of Franck Joncourt.
Commits on Jan 11, 2014
  1. merged android4.4_support branch

Commits on Jan 3, 2014
  1. (Marek Wrzosek) Update docs to reflect random 'digits' use instead of 'bytes'

    Suggested doc update to fwknop man pages to accurately describe the usage
    of digits instead of bytes for SPA random data.  About 53 bits of entropy
    are actually used, although this is in addition to the 64-bit random salt
    for key derivation used by PBKDF1 in Rijndael CBC mode.
Commits on Dec 23, 2013
  1. added Gerry Reno

Commits on Dec 12, 2013
  1. Added Les Aker to credits file

Commits on Aug 19, 2013
Commits on Aug 11, 2013
Commits on Aug 10, 2013
Commits on Jul 18, 2013
  1. Revert "[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails"

    This reverts commit f55b89c.
    Damien recommended not having 'make install' run ldconfig since it breaks an RPM
    build of fwknop, and most package managers should be doing this step anyway.
Commits on Jul 10, 2013
  1. [client] in '-M legacy' mode truncate the key to 16 bytes

    This change helps to maintain backwards compatibility with older fwknopd daemons
    that cannot handle Rijndael keys greater than 16 bytes.  Blair Zajac suggested
    printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long,
    and this warning is included in this commit.
Commits on Jun 30, 2013
  1. [libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails

    This commit makes sure that if running 'fwknop -h' or 'fwknopd -h' appears to
    fail then run ldconfig under the 'make install' step.  George Herlin reported
    that on some systems ldconfig was not automatically getting executed via the
    autoconf Makefile config, and since fwknop/fwknopd depend on a shared library
    (libfko), ldconfig needs to be executed by 'make install' if it wasn't already
Commits on Jun 11, 2013
  1. [libfko] handle endian detection on PPC (and other) systems

    Blair Zajac contributed a patch to handle endian detection on PPC systems
    and issue a compile time error if it cannot be determined.  This commit affects
    the BYTEORDER macro.
Commits on Jun 3, 2013
  1. Merge remote-tracking branch 'fjoncourt/master'

    Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
    via --fd.
Commits on Jun 2, 2013
Commits on Jun 1, 2013
  1. [libfko] HMAC comparison timing bug fix

    Ryman reported a timing attack bug in the HMAC comparison operation (#85) and
    suggested a fix derived from YaSSL:
Commits on May 18, 2013
Commits on May 4, 2013
  1. Merge remote-tracking branch 'ag4ve/master'

    (Shawn Wilson) This adds better source IP logging for fwknopd log messages.
    Closes #70.
Commits on Apr 30, 2013
Commits on Apr 19, 2013
  1. credits and changelog updates

Commits on Feb 23, 2013
Commits on Jan 23, 2013
  1. [libfko] Don't truncate > 16 byte Rijndael keys

    Significant bug fix to honor the full encryption key length for
    user-supplied Rijndael keys > 16 bytes long.  Previous to this bug fix,
    only the first 16 bytes of a key were actually used in the encryption/
    decryption process even if the supplied key was longer.  The result was
    a weakening of expected security for users that had keys > 16 bytes,
    although this is probably not too common.  Note that "passphrase" is
    perhaps technically a better word for "user-supplied key" in this
    context since Rijndael in CBC mode derives a real encryption/decryption
    key from the passphrase through a series of applications of md5 against
    the passphrase and a random salt.  This issue was reported by Michael T.
    Dean.  Closes issue #18 on github.
Commits on Jan 20, 2013
Commits on Nov 9, 2012
  1. [client] (Franck Joncourt) Fixed Ctrl-C problem where SPA packets were sent anyway

    [client] (Franck Joncourt) Contributed a patch to allow the fwknop
    client to be stopped during the password entry prompt with Ctrl-C before
    any SPA packet is sent on the wire.
Commits on Oct 24, 2012
  1. Patch from Franck Joncourt for setting permissions via open()

    [client+server] Applied patch from Franck Joncourt to remove unnecessary
    chmod() call when creating client rc file and server replay cache file.
    The permissions are now set appropriately via open(), and at the same
    time this patch fixes a potential race condition since the previous code
    used fopen() followed by chmod().
Commits on Oct 12, 2012
  1. Applied perl FKO module libfko path patch from Franck Joncourt

    Applied patch from Franck Joncourt to have the perl FKO module link
    against libfko in the local directory (if it exists) so that it doesn't
    have to have libfko completely installed in /usr/lib/.  This allows the
    test suite to run FKO tests without installing libfko.
    Added the ability to the test suite to compile, install, and run some
    basic tests against the perl FKO module.
Commits on Oct 9, 2012
Commits on Sep 14, 2012
  1. added the OpenBSD port from Vlad
