strongswan.git
10 years agoecp_x_coordinate_only option and IKEv1 AEAD support
Andreas Steffen [Sat, 11 Jul 2009 18:04:38 +0000 (20:04 +0200)]
ecp_x_coordinate_only option and IKEv1 AEAD support

10 years agoaddes ikev1/esp-alg-aes-ccm and ikev1/esp-alg-aes-gcm scenarios
Andreas Steffen [Sat, 11 Jul 2009 16:44:50 +0000 (18:44 +0200)]
addes ikev1/esp-alg-aes-ccm and ikev1/esp-alg-aes-gcm scenarios

10 years agopluto supports AES_CCM and AES_GCM ESP algorithms
Andreas Steffen [Sat, 11 Jul 2009 16:43:09 +0000 (18:43 +0200)]
pluto supports AES_CCM and AES_GCM ESP algorithms

10 years agoput variable definitions up front
Andreas Steffen [Fri, 10 Jul 2009 20:58:47 +0000 (22:58 +0200)]
put variable definitions up front

10 years agocosmetics
Andreas Steffen [Fri, 10 Jul 2009 20:18:26 +0000 (22:18 +0200)]
cosmetics

10 years agoadded listener.h to charon_SOURCES
Andreas Steffen [Fri, 10 Jul 2009 19:43:21 +0000 (21:43 +0200)]
added listener.h to charon_SOURCES

10 years agouse the configured NM connection id as configuration/IKE_SA name
Martin Willi [Fri, 10 Jul 2009 09:01:44 +0000 (11:01 +0200)]
use the configured NM connection id as configuration/IKE_SA name

10 years agofixed state check if establishing the CHILD_SA fails
Martin Willi [Fri, 10 Jul 2009 07:40:02 +0000 (09:40 +0200)]
fixed state check if establishing the CHILD_SA fails

10 years agouse the new updown()/rekey() hooks to track the state of NetworkManager connections
Martin Willi [Fri, 10 Jul 2009 07:37:27 +0000 (09:37 +0200)]
use the new updown()/rekey() hooks to track the state of NetworkManager connections

10 years agoupdate libfreeswan/pfkeyv2.h
Andreas Steffen [Fri, 10 Jul 2009 05:15:08 +0000 (07:15 +0200)]
update libfreeswan/pfkeyv2.h

10 years agoadded AES_CTR, AES_CCM, and AES_GCM strings
Andreas Steffen [Fri, 10 Jul 2009 04:53:54 +0000 (06:53 +0200)]
added AES_CTR, AES_CCM, and AES_GCM strings

10 years agoimplemented ike_down() bus hook
Martin Willi [Thu, 9 Jul 2009 12:44:08 +0000 (14:44 +0200)]
implemented ike_down() bus hook

10 years agoimplemented ike_up() bus hook
Martin Willi [Thu, 9 Jul 2009 11:44:06 +0000 (13:44 +0200)]
implemented ike_up() bus hook

10 years agoimplemented child_down() bus hook
Martin Willi [Thu, 9 Jul 2009 11:35:33 +0000 (13:35 +0200)]
implemented child_down() bus hook

10 years agoimplemented child_up() bus hook
Martin Willi [Thu, 9 Jul 2009 11:11:46 +0000 (13:11 +0200)]
implemented child_up() bus hook

10 years agoimplemented ike_rekey()/child_rekey() bus hooks
Martin Willi [Wed, 8 Jul 2009 12:33:24 +0000 (14:33 +0200)]
implemented ike_rekey()/child_rekey() bus hooks

10 years agoadded new listener callbacks to track SAs
Martin Willi [Wed, 8 Jul 2009 12:08:31 +0000 (14:08 +0200)]
added new listener callbacks to track SAs

10 years agomoved listener_t interface definition to a separate file
Martin Willi [Wed, 8 Jul 2009 07:00:02 +0000 (09:00 +0200)]
moved listener_t interface definition to a separate file

10 years agoenforced strongSwan coding rules
Andreas Steffen [Thu, 9 Jul 2009 13:02:51 +0000 (15:02 +0200)]
enforced strongSwan coding rules

10 years agoadded a RADIUS id_prefix option to prefix the IMSI
Martin Willi [Tue, 7 Jul 2009 13:47:09 +0000 (15:47 +0200)]
added a RADIUS id_prefix option to prefix the IMSI

10 years agoupdated ikev2bis draft from 03 to 04
Martin Willi [Thu, 9 Jul 2009 09:17:43 +0000 (11:17 +0200)]
updated ikev2bis draft from 03 to 04

10 years agomemxor does not access unaligned words anymore, but still uses words if possible
Martin Willi [Wed, 8 Jul 2009 15:19:49 +0000 (17:19 +0200)]
memxor does not access unaligned words anymore, but still uses words if possible

10 years agofixed doxygen section pgp
Martin Willi [Wed, 8 Jul 2009 08:29:12 +0000 (10:29 +0200)]
fixed doxygen section pgp

10 years agofixed two doxygen warnings
Martin Willi [Wed, 8 Jul 2009 08:28:54 +0000 (10:28 +0200)]
fixed two doxygen warnings

10 years agoupdated HACKING info
Martin Willi [Tue, 7 Jul 2009 15:26:16 +0000 (17:26 +0200)]
updated HACKING info

10 years agoremove obsolete child_cfg_t.equal_traffic_selectors() method
Martin Willi [Tue, 7 Jul 2009 12:38:55 +0000 (14:38 +0200)]
remove obsolete child_cfg_t.equal_traffic_selectors() method

10 years agochild_cfg matching code prefers a config containing the first proposed TS
Martin Willi [Tue, 7 Jul 2009 12:38:19 +0000 (14:38 +0200)]
child_cfg matching code prefers a config containing the first proposed TS

10 years agoadded missing equals() method assignment for ID_ANY identities
Martin Willi [Tue, 7 Jul 2009 11:42:22 +0000 (13:42 +0200)]
added missing equals() method assignment for ID_ANY identities

10 years agouse architecture specific Elf header
Martin Willi [Mon, 6 Jul 2009 14:36:01 +0000 (16:36 +0200)]
use architecture specific Elf header

10 years agocentralized ID type specific method assignement in generic constructor
Martin Willi [Mon, 6 Jul 2009 11:11:03 +0000 (13:11 +0200)]
centralized ID type specific method assignement in generic constructor

10 years agoremoved obsolete init_rdn()/get_next_rdn() functions
Martin Willi [Mon, 6 Jul 2009 10:47:18 +0000 (12:47 +0200)]
removed obsolete init_rdn()/get_next_rdn() functions

10 years agoreimplemented dnota() using RDN enumerator
Martin Willi [Mon, 6 Jul 2009 10:42:09 +0000 (12:42 +0200)]
reimplemented dnota() using RDN enumerator

10 years agoadded a chunk_printable() function (replaces sanitize_chunk)
Martin Willi [Mon, 6 Jul 2009 10:37:26 +0000 (12:37 +0200)]
added a chunk_printable() function (replaces sanitize_chunk)

10 years agoreplaced {same,match}_dn() by compare_dn(), using the RDN enumerator
Martin Willi [Mon, 6 Jul 2009 09:46:26 +0000 (11:46 +0200)]
replaced {same,match}_dn() by compare_dn(), using the RDN enumerator

10 years agofixed memleak if RND parsing fails
Martin Willi [Mon, 6 Jul 2009 09:45:26 +0000 (11:45 +0200)]
fixed memleak if RND parsing fails

10 years agoadded unit test for identification_t.matches()
Martin Willi [Mon, 6 Jul 2009 09:44:46 +0000 (11:44 +0200)]
added unit test for identification_t.matches()

10 years agoadded unit test for identification_t.equals()
Martin Willi [Mon, 6 Jul 2009 09:16:41 +0000 (11:16 +0200)]
added unit test for identification_t.equals()

10 years agocontains_wildcard() for DNs uses RDN enumerator
Martin Willi [Fri, 3 Jul 2009 15:09:17 +0000 (17:09 +0200)]
contains_wildcard() for DNs uses RDN enumerator

10 years agoadded unit test for identification_t.contains_wildcard()
Martin Willi [Fri, 3 Jul 2009 15:07:04 +0000 (17:07 +0200)]
added unit test for identification_t.contains_wildcard()

10 years agosimplified identification_t.clone() using memcpy
Martin Willi [Fri, 3 Jul 2009 14:30:08 +0000 (16:30 +0200)]
simplified identification_t.clone() using memcpy

10 years agouse an enumerator to parse RDNs, based on asn1_unwrap() function
Martin Willi [Fri, 3 Jul 2009 14:12:17 +0000 (16:12 +0200)]
use an enumerator to parse RDNs, based on asn1_unwrap() function

10 years agomake filter enumerator methods static
Martin Willi [Fri, 3 Jul 2009 12:17:05 +0000 (14:17 +0200)]
make filter enumerator methods static

10 years agoasn1_unwrap() function to parse ASN.1 objects with length/type
Martin Willi [Fri, 3 Jul 2009 09:06:51 +0000 (11:06 +0200)]
asn1_unwrap() function to parse ASN.1 objects with length/type

10 years agomake ecp_x_coordinate_only = yes the default
Andreas Steffen [Mon, 6 Jul 2009 09:47:38 +0000 (11:47 +0200)]
make ecp_x_coordinate_only = yes the default

10 years agoecp_x_coordinate only option allows ECP interoperability with MS Windows
Andreas Steffen [Mon, 6 Jul 2009 06:47:18 +0000 (08:47 +0200)]
ecp_x_coordinate only option allows ECP interoperability with MS Windows

10 years agosupport of OpenPGP V4 fingerprints
Andreas Steffen [Sat, 4 Jul 2009 07:25:29 +0000 (09:25 +0200)]
support of OpenPGP V4 fingerprints

10 years agocorrected comment
Andreas Steffen [Fri, 3 Jul 2009 20:39:18 +0000 (22:39 +0200)]
corrected comment

10 years agolisten for CHILD_SA state changes only until it has been installed
Martin Willi [Fri, 3 Jul 2009 08:46:30 +0000 (10:46 +0200)]
listen for CHILD_SA state changes only until it has been installed

10 years agoupdated copyright statement
Andreas Steffen [Wed, 1 Jul 2009 13:27:58 +0000 (15:27 +0200)]
updated copyright statement

10 years agoadded additional sanity checks to asn1_length() parsing
Martin Willi [Fri, 3 Jul 2009 07:26:48 +0000 (09:26 +0200)]
added additional sanity checks to asn1_length() parsing

10 years agoadded -avoid-version to LDFLAGS, plugins are not versioned
Martin Willi [Fri, 3 Jul 2009 06:57:11 +0000 (08:57 +0200)]
added -avoid-version to LDFLAGS, plugins are not versioned

10 years agodefer MOBIKE update if we have no route to the peer
Martin Willi [Thu, 2 Jul 2009 08:56:13 +0000 (10:56 +0200)]
defer MOBIKE update if we have no route to the peer

10 years agodo not abort notifying listeners if a listener unregisters
Martin Willi [Thu, 2 Jul 2009 07:38:12 +0000 (09:38 +0200)]
do not abort notifying listeners if a listener unregisters

10 years agoadded mconsole exec patch based on 2.6.30
Martin Willi [Wed, 1 Jul 2009 11:53:46 +0000 (13:53 +0200)]
added mconsole exec patch based on 2.6.30

10 years agoadded mconsole exec patch based on 2.6.29
Martin Willi [Wed, 1 Jul 2009 11:52:54 +0000 (13:52 +0200)]
added mconsole exec patch based on 2.6.29

10 years agosignal tunnel breakage to NetworkManager
Martin Willi [Tue, 30 Jun 2009 15:47:42 +0000 (17:47 +0200)]
signal tunnel breakage to NetworkManager

10 years agorestarting dbus is insufficient, restart network-manager after installation
Martin Willi [Tue, 30 Jun 2009 15:03:53 +0000 (17:03 +0200)]
restarting dbus is insufficient, restart network-manager after installation

10 years agoenforce correct RSA signature lenght in gcrypt
Martin Willi [Tue, 30 Jun 2009 10:10:30 +0000 (12:10 +0200)]
enforce correct RSA signature lenght in gcrypt

10 years agoadded missing header files
Andreas Steffen [Tue, 23 Jun 2009 22:07:36 +0000 (00:07 +0200)]
added missing header files

10 years agohandle --disable-pluto/charon with --enable-integrity-test
Martin Willi [Mon, 22 Jun 2009 14:37:28 +0000 (16:37 +0200)]
handle --disable-pluto/charon with --enable-integrity-test

10 years agodeinit() library if integrity check fails
Martin Willi [Mon, 22 Jun 2009 14:18:53 +0000 (16:18 +0200)]
deinit() library if integrity check fails

10 years agobuild and verify on disk file integrity of pluto and charon executables
Martin Willi [Mon, 22 Jun 2009 12:42:04 +0000 (14:42 +0200)]
build and verify on disk file integrity of pluto and charon executables

10 years agoremoved functions from faked symbol list, not needed anymore with RTLD_LAZY
Martin Willi [Mon, 22 Jun 2009 10:56:28 +0000 (12:56 +0200)]
removed functions from faked symbol list, not needed anymore with RTLD_LAZY

10 years agoindicate use if integrity testing at startup
Martin Willi [Mon, 22 Jun 2009 10:49:57 +0000 (12:49 +0200)]
indicate use if integrity testing at startup

10 years agomoved checksum_builder/libchechsum to top srcdir to respect build order
Martin Willi [Mon, 22 Jun 2009 10:47:09 +0000 (12:47 +0200)]
moved checksum_builder/libchechsum to top srcdir to respect build order

10 years agocheck for dladdr() and dl_iterate_phdr() if --enable-integrity-test set
Martin Willi [Fri, 19 Jun 2009 15:50:40 +0000 (17:50 +0200)]
check for dladdr() and dl_iterate_phdr() if --enable-integrity-test set

10 years agobuild integrity_checker.c only if --enable-integrity-test set
Martin Willi [Fri, 19 Jun 2009 15:37:08 +0000 (17:37 +0200)]
build integrity_checker.c only if --enable-integrity-test set

10 years agocheck on-disk and loaded segment integrity of libstrongswan
Martin Willi [Fri, 19 Jun 2009 15:27:57 +0000 (17:27 +0200)]
check on-disk and loaded segment integrity of libstrongswan

10 years agoreduced verbosity of integrity checker
Martin Willi [Fri, 19 Jun 2009 15:16:57 +0000 (17:16 +0200)]
reduced verbosity of integrity checker

10 years agoremoved obsolete INTEGRITY_TEST and fips signer code
Martin Willi [Fri, 19 Jun 2009 14:39:44 +0000 (16:39 +0200)]
removed obsolete INTEGRITY_TEST and fips signer code
--enable-integrity-test now conditionally builds libchecksum

10 years agobuild checksums for charon plugins
Martin Willi [Fri, 19 Jun 2009 14:21:09 +0000 (16:21 +0200)]
build checksums for charon plugins

10 years agolibrary initialization fails if libstrongswan checksum is invalid
Martin Willi [Fri, 19 Jun 2009 10:01:52 +0000 (12:01 +0200)]
library initialization fails if libstrongswan checksum is invalid

10 years agochecksum.c depends on all libraries
Martin Willi [Fri, 19 Jun 2009 09:52:51 +0000 (11:52 +0200)]
checksum.c depends on all libraries

10 years agoimplemented a checksum_builder tool to build the checksum library
Martin Willi [Fri, 19 Jun 2009 09:42:54 +0000 (11:42 +0200)]
implemented a checksum_builder tool to build the checksum library

10 years agointegrity checker accepts an option checksum library on construction
Martin Willi [Fri, 19 Jun 2009 09:40:41 +0000 (11:40 +0200)]
integrity checker accepts an option checksum library on construction

10 years agocheck integrity of libstrongswan
Martin Willi [Thu, 18 Jun 2009 15:51:22 +0000 (17:51 +0200)]
check integrity of libstrongswan

10 years agocheck integrity of plugins before loading
Martin Willi [Thu, 18 Jun 2009 15:50:28 +0000 (17:50 +0200)]
check integrity of plugins before loading

10 years agoimplemented an integrity checker class to build and check code integrity
Martin Willi [Thu, 18 Jun 2009 15:48:15 +0000 (17:48 +0200)]
implemented an integrity checker class to build and check code integrity

10 years agodist-hook to remove .svn folder not needed anymore
Martin Willi [Mon, 22 Jun 2009 13:45:24 +0000 (15:45 +0200)]
dist-hook to remove .svn folder not needed anymore

10 years agoremoved unneeded newline
Martin Willi [Mon, 22 Jun 2009 13:35:18 +0000 (15:35 +0200)]
removed unneeded newline

10 years agouse get_proposal_token() for algorithm selection
Andreas Steffen [Sat, 20 Jun 2009 10:09:36 +0000 (12:09 +0200)]
use get_proposal_token() for algorithm selection

10 years agoversion bump to 4.3.3
Andreas Steffen [Fri, 19 Jun 2009 15:00:34 +0000 (17:00 +0200)]
version bump to 4.3.3

10 years agoauthby=pubkey is now the default authentication 4.3.2
Andreas Steffen [Fri, 19 Jun 2009 08:41:38 +0000 (10:41 +0200)]
authby=pubkey is now the default authentication

10 years agofixed another 64bit compiler warning
Martin Willi [Fri, 19 Jun 2009 08:19:55 +0000 (10:19 +0200)]
fixed another 64bit compiler warning

10 years agofixed compiler warning
Martin Willi [Fri, 19 Jun 2009 08:05:27 +0000 (10:05 +0200)]
fixed compiler warning

10 years agoreverted rule_count back to size_t, as it is passed as pointer (fixes 64bit issues)
Martin Willi [Fri, 19 Jun 2009 08:01:04 +0000 (10:01 +0200)]
reverted rule_count back to size_t, as it is passed as pointer (fixes 64bit issues)

10 years agoadded info about two DoS fixes
Andreas Steffen [Thu, 18 Jun 2009 17:29:16 +0000 (19:29 +0200)]
added info about two DoS fixes

10 years agoHASH_MD2 is not implemented yet in gcrypt
Andreas Steffen [Thu, 18 Jun 2009 08:03:05 +0000 (10:03 +0200)]
HASH_MD2 is not implemented yet in gcrypt

10 years agoadded test vector for NULL encryption
Andreas Steffen [Thu, 18 Jun 2009 07:59:24 +0000 (09:59 +0200)]
added test vector for NULL encryption

10 years agoadded test vector for NULL encryption
Andreas Steffen [Thu, 18 Jun 2009 07:42:05 +0000 (09:42 +0200)]
added test vector for NULL encryption

10 years agoadded md2 and md4 test vectors
Andreas Steffen [Thu, 18 Jun 2009 07:32:57 +0000 (09:32 +0200)]
added md2 and md4 test vectors

10 years agoadded 2 des test vectors
Andreas Steffen [Thu, 18 Jun 2009 06:23:51 +0000 (08:23 +0200)]
added 2 des test vectors

10 years agoadded gcrypt-ikev2/alg-camellia scenario
Andreas Steffen [Thu, 18 Jun 2009 05:48:38 +0000 (07:48 +0200)]
added gcrypt-ikev2/alg-camellia scenario

10 years agoremoved serpent and twofish plugins - use gcrypt instead
Andreas Steffen [Thu, 18 Jun 2009 05:27:40 +0000 (07:27 +0200)]
removed serpent and twofish plugins - use gcrypt instead

10 years agomoved alg-serpent and alg-twofish scenarios to gcrypt-ikev1
Andreas Steffen [Thu, 18 Jun 2009 05:15:51 +0000 (07:15 +0200)]
moved alg-serpent and alg-twofish scenarios to gcrypt-ikev1

10 years agofixed typo
Andreas Steffen [Thu, 18 Jun 2009 03:56:02 +0000 (05:56 +0200)]
fixed typo

10 years agoremoved superfluous print argument
Andreas Steffen [Wed, 17 Jun 2009 20:54:57 +0000 (22:54 +0200)]
removed superfluous print argument

10 years agoadded 2 RC5 test vectors
Andreas Steffen [Wed, 17 Jun 2009 20:34:03 +0000 (22:34 +0200)]
added 2 RC5 test vectors

10 years agoadded 2 IDEA test vectors
Andreas Steffen [Wed, 17 Jun 2009 19:53:30 +0000 (21:53 +0200)]
added 2 IDEA test vectors

10 years agoadded 6 serpent test vectors
Andreas Steffen [Wed, 17 Jun 2009 19:37:26 +0000 (21:37 +0200)]
added 6 serpent test vectors