strongswan.git
10 years agoadded missing RSA 768 test
Martin Willi [Wed, 10 Jun 2009 15:26:56 +0000 (17:26 +0200)]
added missing RSA 768 test

10 years agoadded convenience scripts for pubkey/dh speed tests
Martin Willi [Wed, 10 Jun 2009 14:24:53 +0000 (16:24 +0200)]
added convenience scripts for pubkey/dh speed tests

10 years agomoved publickey speed test to a standalone program
Martin Willi [Wed, 10 Jun 2009 14:10:46 +0000 (16:10 +0200)]
moved publickey speed test to a standalone program

This reverts commit 08874d6ae29745de264f269b15afbbf6cd5acaad.

10 years agoadditional check in case of non-positive months
Andreas Steffen [Wed, 10 Jun 2009 13:33:39 +0000 (15:33 +0200)]
additional check in case of non-positive months

10 years agoimplemented IKEv1 RSA signing in openssl_rsa_private_key.c
Andreas Steffen [Wed, 10 Jun 2009 13:29:52 +0000 (15:29 +0200)]
implemented IKEv1 RSA signing in openssl_rsa_private_key.c

10 years agomoved Diffie-Hellman speed test to a standalone program
Martin Willi [Wed, 10 Jun 2009 12:53:23 +0000 (14:53 +0200)]
moved Diffie-Hellman speed test to a standalone program

This reverts commit 1e6050bfaeadd66e921b3cd8d2128e4235ee6a29.

10 years agoimplemented IKEv1 signature verification in openssl_rsa_public_key.c
Andreas Steffen [Wed, 10 Jun 2009 11:43:51 +0000 (13:43 +0200)]
implemented IKEv1 signature verification in openssl_rsa_public_key.c

10 years agofixed typo in asn1.c
Andreas Steffen [Wed, 10 Jun 2009 10:00:26 +0000 (12:00 +0200)]
fixed typo in asn1.c

10 years agofixed DoS vulnerability in the parsing of ASN.1 time strings
Andreas Steffen [Wed, 10 Jun 2009 09:39:17 +0000 (11:39 +0200)]
fixed DoS vulnerability in the parsing of ASN.1 time strings

10 years agofixed DoS vulnerability in the parsing of distinguished names
Andreas Steffen [Tue, 9 Jun 2009 20:03:33 +0000 (22:03 +0200)]
fixed DoS vulnerability in the parsing of distinguished names

10 years agoproperly shut down and unref nm mainloop, fixes crash at shutdown
Martin Willi [Tue, 9 Jun 2009 13:13:10 +0000 (15:13 +0200)]
properly shut down and unref nm mainloop, fixes crash at shutdown

10 years agoremove stale pidfile if no such process found
Martin Willi [Tue, 9 Jun 2009 12:56:31 +0000 (14:56 +0200)]
remove stale pidfile if no such process found

10 years agofix inclusion of private_key_t in nm plugin
Martin Willi [Tue, 9 Jun 2009 12:02:35 +0000 (14:02 +0200)]
fix inclusion of private_key_t in nm plugin

10 years agoasn1_integer() ensures correct DER encoding of ASN1_INTEGER (two's complement)
Andreas Steffen [Tue, 9 Jun 2009 11:27:59 +0000 (13:27 +0200)]
asn1_integer() ensures correct DER encoding of ASN1_INTEGER (two's complement)

10 years agorenamed listing of IKEv1 authentication algorithms
Andreas Steffen [Tue, 9 Jun 2009 09:42:52 +0000 (11:42 +0200)]
renamed listing of IKEv1 authentication algorithms

10 years agoimplemented a speed test for diffie-hellman
Martin Willi [Mon, 8 Jun 2009 18:36:30 +0000 (20:36 +0200)]
implemented a speed test for diffie-hellman

10 years agoimplemented a speed test for public key algorithms
Martin Willi [Mon, 8 Jun 2009 17:02:31 +0000 (19:02 +0200)]
implemented a speed test for public key algorithms

10 years agogcrypt RSA public key implementation
Martin Willi [Mon, 8 Jun 2009 09:45:32 +0000 (11:45 +0200)]
gcrypt RSA public key implementation

10 years agogcrypt RSA private key implementation
Martin Willi [Mon, 8 Jun 2009 09:01:24 +0000 (11:01 +0200)]
gcrypt RSA private key implementation

10 years agouse autoconf macro provided by libgcrypt
Martin Willi [Fri, 5 Jun 2009 09:59:46 +0000 (11:59 +0200)]
use autoconf macro provided by libgcrypt

10 years agogcrypt mpi based Diffie-Hellman implementation
Martin Willi [Fri, 5 Jun 2009 09:43:57 +0000 (11:43 +0200)]
gcrypt mpi based Diffie-Hellman implementation

10 years agogcrypt rng implementation
Martin Willi [Thu, 4 Jun 2009 19:27:31 +0000 (21:27 +0200)]
gcrypt rng implementation

10 years agouse abstract mutex_t for gcrypt locking callbacks
Martin Willi [Thu, 4 Jun 2009 15:15:35 +0000 (17:15 +0200)]
use abstract mutex_t for gcrypt locking callbacks

10 years agogcrypt crypter implementation
Martin Willi [Thu, 4 Jun 2009 15:06:43 +0000 (17:06 +0200)]
gcrypt crypter implementation

10 years agogcrypt hasher implementation
Martin Willi [Thu, 4 Jun 2009 13:51:20 +0000 (15:51 +0200)]
gcrypt hasher implementation

10 years agoinitialize gcrypt threadsave, currently for pthread only
Martin Willi [Thu, 4 Jun 2009 13:49:19 +0000 (15:49 +0200)]
initialize gcrypt threadsave, currently for pthread only

10 years agoadded skeleton for libgcrypt based crypto plugin
Martin Willi [Thu, 4 Jun 2009 12:23:39 +0000 (14:23 +0200)]
added skeleton for libgcrypt based crypto plugin

10 years agofixed crash in openssl private_key->get_public_key(), using encode/load workaround
Martin Willi [Mon, 8 Jun 2009 16:59:04 +0000 (18:59 +0200)]
fixed crash in openssl private_key->get_public_key(), using encode/load workaround

10 years agomore concise listing of ESP algorithms
Andreas Steffen [Mon, 8 Jun 2009 15:42:26 +0000 (17:42 +0200)]
more concise listing of ESP algorithms

10 years agoactivated INTEGRITY_TEST option in pluto
Andreas Steffen [Mon, 8 Jun 2009 14:55:54 +0000 (16:55 +0200)]
activated INTEGRITY_TEST option in pluto

10 years agoimplement gmp_rsa_private_key.decrypt()
Andreas Steffen [Mon, 8 Jun 2009 13:59:33 +0000 (15:59 +0200)]
implement gmp_rsa_private_key.decrypt()

10 years agoimplemented gmp_rsa_public_key.encrypt() method
Andreas Steffen [Sun, 7 Jun 2009 23:43:06 +0000 (01:43 +0200)]
implemented gmp_rsa_public_key.encrypt() method

10 years agosome fixes in pkcs7.c
Andreas Steffen [Sun, 7 Jun 2009 23:28:43 +0000 (01:28 +0200)]
some fixes in pkcs7.c

10 years agohooray, pluto and scepclient do not depend on libgmp anymore
Andreas Steffen [Sun, 7 Jun 2009 17:48:46 +0000 (19:48 +0200)]
hooray, pluto and scepclient do not depend on libgmp anymore

10 years agoupdate strongswan.conf for pluto and scepclient
Andreas Steffen [Sun, 7 Jun 2009 10:44:02 +0000 (12:44 +0200)]
update strongswan.conf for pluto and scepclient

10 years agopkcs7.c also uses signature_scheme_from_oid()
Andreas Steffen [Sun, 7 Jun 2009 10:18:06 +0000 (12:18 +0200)]
pkcs7.c also uses signature_scheme_from_oid()

10 years agocreated signature_scheme_from_oid() helper function
Andreas Steffen [Sun, 7 Jun 2009 09:52:03 +0000 (11:52 +0200)]
created signature_scheme_from_oid() helper function

10 years agohardened OpenPGP parser
Andreas Steffen [Sat, 6 Jun 2009 14:46:59 +0000 (16:46 +0200)]
hardened OpenPGP parser

10 years agopluto now requires pubkey plugin
Andreas Steffen [Sat, 6 Jun 2009 14:25:52 +0000 (16:25 +0200)]
pluto now requires pubkey plugin

10 years agoupdated documentation on leftsendcert
Andreas Steffen [Sat, 6 Jun 2009 14:23:42 +0000 (16:23 +0200)]
updated documentation on leftsendcert

10 years agoused rsa coeff field in OpenPGP secret key payload
Andreas Steffen [Sat, 6 Jun 2009 12:54:14 +0000 (14:54 +0200)]
used rsa coeff field in OpenPGP secret key payload

10 years agofixed OpenPGPv3 fingerprint computation
Andreas Steffen [Sat, 6 Jun 2009 12:41:26 +0000 (14:41 +0200)]
fixed OpenPGPv3 fingerprint computation

10 years agofixed OpenPGP parsing
Andreas Steffen [Sat, 6 Jun 2009 11:13:11 +0000 (13:13 +0200)]
fixed OpenPGP parsing

10 years agomoved PGP types to pgp/pgp.h
Andreas Steffen [Fri, 5 Jun 2009 20:06:28 +0000 (22:06 +0200)]
moved PGP types to pgp/pgp.h

10 years agopluto and scepclient use private and public key plugins of libstrongswan
Andreas Steffen [Fri, 5 Jun 2009 19:14:31 +0000 (21:14 +0200)]
pluto and scepclient use private and public key plugins of libstrongswan

10 years agoupdated medcli/medsrv plugins to use new auth_cfg API, fixes compilation
Martin Willi [Thu, 4 Jun 2009 12:00:01 +0000 (14:00 +0200)]
updated medcli/medsrv plugins to use new auth_cfg API, fixes compilation

10 years agoadded missing identification.h include
Martin Willi [Thu, 4 Jun 2009 11:49:51 +0000 (13:49 +0200)]
added missing identification.h include

10 years agoapply is_anyaddr fix from socket also to socket-raw
Martin Willi [Wed, 3 Jun 2009 15:56:55 +0000 (17:56 +0200)]
apply is_anyaddr fix from socket also to socket-raw

10 years agofixed ENUM naming of XCBC prf
Martin Willi [Tue, 2 Jun 2009 12:41:53 +0000 (14:41 +0200)]
fixed ENUM naming of XCBC prf

10 years agoadded a charon.install_virtual_ip option to disable IP installation for testing
Martin Willi [Tue, 2 Jun 2009 11:34:03 +0000 (13:34 +0200)]
added a charon.install_virtual_ip option to disable IP installation for testing

10 years ago_updown script fix for ALT Linux, courtesy of Michael Shigorin
Andreas Steffen [Fri, 29 May 2009 06:10:02 +0000 (08:10 +0200)]
_updown script fix for ALT Linux, courtesy of Michael Shigorin

10 years agomissed keyid2sql.c
Andreas Steffen [Thu, 28 May 2009 13:50:05 +0000 (15:50 +0200)]
missed keyid2sql.c

10 years agoNO_CREDENTIAL_FACTORY compile option not needed anymore
Andreas Steffen [Thu, 28 May 2009 13:44:22 +0000 (15:44 +0200)]
NO_CREDENTIAL_FACTORY compile option not needed anymore

10 years agohide credentials headers in credential_factory.h
Andreas Steffen [Thu, 28 May 2009 13:34:18 +0000 (15:34 +0200)]
hide credentials headers in credential_factory.h

10 years agoregister the already implemented AUTH_HMAC_SHA1_160 algorithm
Martin Willi [Thu, 28 May 2009 12:57:59 +0000 (14:57 +0200)]
register the already implemented AUTH_HMAC_SHA1_160 algorithm

10 years agoset parsed = TRUE before calling parse_certificate()
Andreas Steffen [Wed, 27 May 2009 07:52:53 +0000 (09:52 +0200)]
set parsed = TRUE before calling parse_certificate()

10 years agofixed typo
Andreas Steffen [Wed, 27 May 2009 06:46:13 +0000 (08:46 +0200)]
fixed typo

10 years agodh_exponent_ansi_x9_42 is now a libstrongswan setting
Andreas Steffen [Tue, 26 May 2009 16:32:52 +0000 (18:32 +0200)]
dh_exponent_ansi_x9_42 is now a libstrongswan setting

10 years agoeliminated ipsec_policy.h
Andreas Steffen [Tue, 26 May 2009 15:19:26 +0000 (17:19 +0200)]
eliminated ipsec_policy.h

10 years agoshow strongSwan version in pluto's statusall
Andreas Steffen [Tue, 26 May 2009 13:35:32 +0000 (15:35 +0200)]
show strongSwan version in pluto's statusall

10 years agoshow strongSwan version in statusall
Martin Willi [Tue, 26 May 2009 11:47:20 +0000 (13:47 +0200)]
show strongSwan version in statusall

10 years agoadded generated extconf.rb to .gitignore, removed it from distribution
Martin Willi [Mon, 25 May 2009 13:45:05 +0000 (15:45 +0200)]
added generated extconf.rb to .gitignore, removed it from distribution

10 years agoresolve clone naming conflict with uclibc
Andreas Steffen [Mon, 25 May 2009 06:38:36 +0000 (08:38 +0200)]
resolve clone naming conflict with uclibc

10 years agoremoved optionsfrom.c from libfreeswan
Andreas Steffen [Sun, 24 May 2009 19:04:50 +0000 (21:04 +0200)]
removed optionsfrom.c from libfreeswan

10 years agowhack uses optionsfrom from libstrongswan
Andreas Steffen [Sun, 24 May 2009 18:59:28 +0000 (20:59 +0200)]
whack uses optionsfrom from libstrongswan

10 years agocosmetics
Andreas Steffen [Sun, 24 May 2009 18:14:13 +0000 (20:14 +0200)]
cosmetics

10 years agosuppress Routed Connections caption if list is empty
Andreas Steffen [Sun, 24 May 2009 18:06:55 +0000 (20:06 +0200)]
suppress Routed Connections caption if list is empty

10 years agopluto uses optionsfrom from libstrongswan
Andreas Steffen [Sun, 24 May 2009 18:03:01 +0000 (20:03 +0200)]
pluto uses optionsfrom from libstrongswan

10 years agopluto now needs the gmp plugin
Andreas Steffen [Sun, 24 May 2009 17:33:16 +0000 (19:33 +0200)]
pluto now needs the gmp plugin

10 years agoload gmp plugin in ike scenarios
Andreas Steffen [Sun, 24 May 2009 16:16:00 +0000 (18:16 +0200)]
load gmp plugin in ike scenarios

10 years agoadded openssl/ikev1-alg-ecp-low and openssl/ikev1-alg-ecp-high scenarios
Andreas Steffen [Sun, 24 May 2009 16:12:31 +0000 (18:12 +0200)]
added openssl/ikev1-alg-ecp-low and openssl/ikev1-alg-ecp-high scenarios

10 years agoKE payload of ECP groups has X and Y coordinates
Andreas Steffen [Sun, 24 May 2009 16:06:49 +0000 (18:06 +0200)]
KE payload of ECP groups has X and Y coordinates

10 years agofixed typo
Andreas Steffen [Sun, 24 May 2009 14:48:58 +0000 (16:48 +0200)]
fixed typo

10 years agoadded openssl/rw-cert-ikev1 scenario
Andreas Steffen [Sun, 24 May 2009 14:42:30 +0000 (16:42 +0200)]
added openssl/rw-cert-ikev1 scenario

10 years agorenamed some IKEv2 OpenSSL scenarios
Andreas Steffen [Sun, 24 May 2009 14:41:13 +0000 (16:41 +0200)]
renamed some IKEv2 OpenSSL scenarios

10 years agopluto now requires gmp plugin for DH functions
Andreas Steffen [Sun, 24 May 2009 14:11:24 +0000 (16:11 +0200)]
pluto now requires gmp plugin for DH functions

10 years agouse the Diffie-Hellman functionality of libstrongswan
Andreas Steffen [Sun, 24 May 2009 09:26:00 +0000 (11:26 +0200)]
use the Diffie-Hellman functionality of libstrongswan

10 years agocosmetics
Andreas Steffen [Sun, 24 May 2009 09:24:19 +0000 (11:24 +0200)]
cosmetics

10 years agoadded dh group descriptions
Andreas Steffen [Sun, 24 May 2009 09:23:24 +0000 (11:23 +0200)]
added dh group descriptions

10 years agoupdated copyright statements
Andreas Steffen [Fri, 22 May 2009 15:25:32 +0000 (17:25 +0200)]
updated copyright statements

10 years agoversion bump to 4.3.2
Andreas Steffen [Fri, 22 May 2009 15:05:58 +0000 (17:05 +0200)]
version bump to 4.3.2

10 years agofixed compiler warning 4.3.1
Andreas Steffen [Fri, 22 May 2009 12:15:39 +0000 (14:15 +0200)]
fixed compiler warning

10 years agocompleted NEWS for 4.3.1
Andreas Steffen [Fri, 22 May 2009 11:41:48 +0000 (13:41 +0200)]
completed NEWS for 4.3.1

10 years agorecognize ipsec purgeike command
Andreas Steffen [Fri, 22 May 2009 11:32:48 +0000 (13:32 +0200)]
recognize ipsec purgeike command

10 years agoload plugins for scepclient
Andreas Steffen [Fri, 22 May 2009 08:45:32 +0000 (10:45 +0200)]
load plugins for scepclient

10 years agoload plugins for scepclient
Andreas Steffen [Fri, 22 May 2009 08:40:25 +0000 (10:40 +0200)]
load plugins for scepclient

10 years agopsk scenarios don't have to load the curl plugin
Andreas Steffen [Fri, 22 May 2009 08:35:11 +0000 (10:35 +0200)]
psk scenarios don't have to load the curl plugin

10 years agopsk scenarios don't have to load the curl plugin
Andreas Steffen [Fri, 22 May 2009 08:26:38 +0000 (10:26 +0200)]
psk scenarios don't have to load the curl plugin

10 years agolod plugins for scepclient
Andreas Steffen [Fri, 22 May 2009 08:10:31 +0000 (10:10 +0200)]
lod plugins for scepclient

10 years agopsk scenarios don't have to load the curl plugin
Andreas Steffen [Fri, 22 May 2009 07:50:53 +0000 (09:50 +0200)]
psk scenarios don't have to load the curl plugin

10 years agoload plugins for scepclient
Andreas Steffen [Fri, 22 May 2009 07:50:09 +0000 (09:50 +0200)]
load plugins for scepclient

10 years agoadded pluto's plugins in ikev1/attr-cert scenario
Andreas Steffen [Fri, 22 May 2009 07:19:08 +0000 (09:19 +0200)]
added pluto's plugins in ikev1/attr-cert scenario

10 years agouse pluto's default plugins
Andreas Steffen [Fri, 22 May 2009 07:15:51 +0000 (09:15 +0200)]
use pluto's default plugins

10 years agosome more NEWS
Andreas Steffen [Thu, 21 May 2009 18:54:45 +0000 (20:54 +0200)]
some more NEWS

10 years agoFixing IPSEC_* checks on older Linux distros.
Tobias Brunner [Thu, 21 May 2009 08:03:27 +0000 (10:03 +0200)]
Fixing IPSEC_* checks on older Linux distros.

10 years agoPortably check for IPSEC_* constants (defined in ipsec.h).
Tobias Brunner [Wed, 20 May 2009 18:15:06 +0000 (20:15 +0200)]
Portably check for IPSEC_* constants (defined in ipsec.h).

The problem is that FreeBSD defines them as #defines whereas Linux defines them as enums.

10 years agoAutomatically build (and install) the DUMM Ruby extension.
Tobias Brunner [Wed, 20 May 2009 17:34:17 +0000 (19:34 +0200)]
Automatically build (and install) the DUMM Ruby extension.

10 years agoEnable building the DUMM Ruby extension in a VPATH build.
Tobias Brunner [Wed, 20 May 2009 16:40:27 +0000 (18:40 +0200)]
Enable building the DUMM Ruby extension in a VPATH build.

10 years agoThe configure script now tries to figure out where ruby.h is located.
Tobias Brunner [Wed, 20 May 2009 12:15:14 +0000 (14:15 +0200)]
The configure script now tries to figure out where ruby.h is located.

This is required because the location depends on the architecture.

10 years agoinclude TSi/TSr of triggering packet in acquire
Martin Willi [Wed, 20 May 2009 09:44:43 +0000 (11:44 +0200)]
include TSi/TSr of triggering packet in acquire