strongswan.git
7 years ago  minor fixes in imc_attestation.c
Andreas Steffen [Thu, 11 Oct 2012 22:53:07 +0000 (00:53 +0200)]
minor fixes in imc_attestation.c

7 years ago  Fixed update_sa in kernel-netlink plugin if marks are used
Tobias Brunner [Thu, 11 Oct 2012 17:08:47 +0000 (19:08 +0200)]
Fixed update_sa in kernel-netlink plugin if marks are used

7 years ago  Fixed compilation of android_handler_t
Tobias Brunner [Thu, 11 Oct 2012 09:12:05 +0000 (11:12 +0200)]
Fixed compilation of android_handler_t

7 years ago  version bump to 5.0.2dr1
Andreas Steffen [Thu, 11 Oct 2012 07:21:38 +0000 (09:21 +0200)]
version bump to 5.0.2dr1

7 years ago  implemented os_info_t class
Andreas Steffen [Wed, 10 Oct 2012 19:54:05 +0000 (21:54 +0200)]
implemented os_info_t class

7 years ago  Remove outdated TODO information
Martin Willi [Wed, 10 Oct 2012 11:10:28 +0000 (13:10 +0200)]
Remove outdated TODO information

7 years ago  implemented IETF String Version attribute
Andreas Steffen [Wed, 10 Oct 2012 10:30:18 +0000 (12:30 +0200)]
implemented IETF String Version attribute

7 years ago  restrict package name and package version number fields to 255 octets
Andreas Steffen [Wed, 10 Oct 2012 07:03:11 +0000 (09:03 +0200)]
restrict package name and package version number fields to 255 octets

7 years ago  created OS IMC/IMV pair
Andreas Steffen [Tue, 9 Oct 2012 21:58:17 +0000 (23:58 +0200)]
created OS IMC/IMV pair

7 years ago  implemented IETF Installed Packages attribute
Andreas Steffen [Tue, 9 Oct 2012 21:28:15 +0000 (23:28 +0200)]
implemented IETF Installed Packages attribute

7 years ago  fixed PA-TNC error code to Invalid Parameter
Andreas Steffen [Tue, 9 Oct 2012 21:22:03 +0000 (23:22 +0200)]
fixed PA-TNC error code to Invalid Parameter

7 years ago  check for zero product vendor ID and non-zero product ID
Andreas Steffen [Tue, 9 Oct 2012 18:07:51 +0000 (20:07 +0200)]
check for zero product vendor ID and non-zero product ID

7 years ago  cosmetics
Andreas Steffen [Tue, 9 Oct 2012 18:06:55 +0000 (20:06 +0200)]
cosmetics

7 years ago  cosmetics
Andreas Steffen [Mon, 8 Oct 2012 17:17:13 +0000 (19:17 +0200)]
cosmetics

7 years ago  Fix leak of PINs from ipsec.secrets
Martin Willi [Thu, 4 Oct 2012 12:45:10 +0000 (14:45 +0200)]
Fix leak of PINs from ipsec.secrets

7 years ago  list multiple files with a given basename but different path names
Andreas Steffen [Mon, 8 Oct 2012 16:56:22 +0000 (18:56 +0200)]
list multiple files with a given basename but different path names

7 years ago  check length of hex-encoded IV
Andreas Steffen [Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)]
check length of hex-encoded IV

7 years ago  allow has_noskip_flag to contain TRUE_OR_FALSE
Andreas Steffen [Sun, 7 Oct 2012 14:26:02 +0000 (16:26 +0200)]
allow has_noskip_flag to contain TRUE_OR_FALSE

7 years ago  free entry in error case
Andreas Steffen [Sun, 7 Oct 2012 12:08:49 +0000 (14:08 +0200)]
free entry in error case

7 years ago  test first and up in the outer while loop
Andreas Steffen [Sun, 7 Oct 2012 10:46:19 +0000 (12:46 +0200)]
test first and up in the outer while loop

7 years ago  fixed generation of PA-TNC error messages
Andreas Steffen [Sun, 7 Oct 2012 09:37:30 +0000 (11:37 +0200)]
fixed generation of PA-TNC error messages

7 years ago  added some new SHA-512 OIDs
Andreas Steffen [Wed, 3 Oct 2012 13:33:56 +0000 (15:33 +0200)]
added some new SHA-512 OIDs

7 years ago  Add a libfast sendfile() method to send files from disk  [5.0.1]
Martin Willi [Tue, 2 Oct 2012 13:37:36 +0000 (15:37 +0200)]
Add a libfast sendfile() method to send files from disk

7 years ago  Include all dev headers, even if they are configuration specific
Martin Willi [Tue, 2 Oct 2012 09:38:42 +0000 (11:38 +0200)]
Include all dev headers, even if they are configuration specific

7 years ago  version bump to 5.0.1
Andreas Steffen [Tue, 2 Oct 2012 08:39:43 +0000 (10:39 +0200)]
version bump to 5.0.1

7 years ago  Ensure UNSUPPORTED_CRITICAL_PAYLOAD notify contains correct payload type
Tobias Brunner [Fri, 28 Sep 2012 20:31:06 +0000 (22:31 +0200)]
Ensure UNSUPPORTED_CRITICAL_PAYLOAD notify contains correct payload type

7 years ago  Make sure hasher exists before trying to destroy it
Tobias Brunner [Fri, 28 Sep 2012 18:57:12 +0000 (20:57 +0200)]
Make sure hasher exists before trying to destroy it

7 years ago  Missed one in 6c10cece
Tobias Brunner [Fri, 28 Sep 2012 18:55:40 +0000 (20:55 +0200)]
Missed one in 6c10cece

7 years ago  Missed one in 3dcffed6
Tobias Brunner [Fri, 28 Sep 2012 18:50:09 +0000 (20:50 +0200)]
Missed one in 3dcffed6

7 years ago  Fixed RNG crypto tester
Tobias Brunner [Fri, 28 Sep 2012 17:13:40 +0000 (19:13 +0200)]
Fixed RNG crypto tester

7 years ago  Request is never NULL when responding with an INFORMATIONAL message
Tobias Brunner [Fri, 28 Sep 2012 17:10:03 +0000 (19:10 +0200)]
Request is never NULL when responding with an INFORMATIONAL message

7 years ago  Fixed check for rng in session ID creation of libfast
Tobias Brunner [Fri, 28 Sep 2012 17:07:53 +0000 (19:07 +0200)]
Fixed check for rng in session ID creation of libfast

7 years ago  Completed state handling in isakmp_cert_pre
Tobias Brunner [Fri, 28 Sep 2012 17:01:09 +0000 (19:01 +0200)]
Completed state handling in isakmp_cert_pre

Should not be a problem, but makes static analyzers happy.

7 years ago  Added missing break statements in NAT-T mapping handling in PF_KEY plugin
Tobias Brunner [Fri, 28 Sep 2012 16:57:56 +0000 (18:57 +0200)]
Added missing break statements in NAT-T mapping handling in PF_KEY plugin

7 years ago  Added missing break when building TLS cipher suites
Tobias Brunner [Fri, 28 Sep 2012 16:55:40 +0000 (18:55 +0200)]
Added missing break when building TLS cipher suites

7 years ago  Make sure we successfully opened xfrm_acq_expires
Tobias Brunner [Fri, 28 Sep 2012 16:54:28 +0000 (18:54 +0200)]
Make sure we successfully opened xfrm_acq_expires

7 years ago  Added missing continue statement in ha socket error handling
Tobias Brunner [Fri, 28 Sep 2012 16:52:00 +0000 (18:52 +0200)]
Added missing continue statement in ha socket error handling

7 years ago  Fixed snprintf check in tnc-ifmap plugin
Tobias Brunner [Fri, 28 Sep 2012 16:49:16 +0000 (18:49 +0200)]
Fixed snprintf check in tnc-ifmap plugin

7 years ago  Make static analyzers happy when parsing hosts from sockaddr_t
Tobias Brunner [Fri, 28 Sep 2012 16:35:26 +0000 (18:35 +0200)]
Make static analyzers happy when parsing hosts from sockaddr_t

7 years ago  Clarified code when hashing/comparing cached policies in kernel-netlink
Tobias Brunner [Fri, 28 Sep 2012 16:30:16 +0000 (18:30 +0200)]
Clarified code when hashing/comparing cached policies in kernel-netlink

7 years ago  Avoid overrunning array when registering pki command line options
Tobias Brunner [Fri, 28 Sep 2012 16:22:54 +0000 (18:22 +0200)]
Avoid overrunning array when registering pki command line options

7 years ago  Use %x to print uint32 as long ints are 64-bit long on x64 Linux
Tobias Brunner [Fri, 28 Sep 2012 16:09:08 +0000 (18:09 +0200)]
Use %x to print uint32 as long ints are 64-bit long on x64 Linux

7 years ago  Make sure first argument is an int when using %.*s to print e.g. chunks
Tobias Brunner [Fri, 28 Sep 2012 16:01:49 +0000 (18:01 +0200)]
Make sure first argument is an int when using %.*s to print e.g. chunks

7 years ago  Avoid memory leak when sending RADIUS accounting start message failed
Tobias Brunner [Fri, 28 Sep 2012 15:43:02 +0000 (17:43 +0200)]
Avoid memory leak when sending RADIUS accounting start message failed

7 years ago  Ensure that pipe is closed when calling resolvconf(8)
Tobias Brunner [Fri, 28 Sep 2012 15:33:24 +0000 (17:33 +0200)]
Ensure that pipe is closed when calling resolvconf(8)

7 years ago  Avoid memory leak when failing to read file metadata
Tobias Brunner [Fri, 28 Sep 2012 15:10:19 +0000 (17:10 +0200)]
Avoid memory leak when failing to read file metadata

7 years ago  The this->data member is never NULL
Tobias Brunner [Fri, 28 Sep 2012 15:08:16 +0000 (17:08 +0200)]
The this->data member is never NULL

7 years ago  Use proper argument for sizeof when copying replay state
Tobias Brunner [Fri, 28 Sep 2012 15:00:20 +0000 (17:00 +0200)]
Use proper argument for sizeof when copying replay state

7 years ago  Algorithm names are not always static anymore, avoid string overflows
Tobias Brunner [Fri, 28 Sep 2012 14:42:50 +0000 (16:42 +0200)]
Algorithm names are not always static anymore, avoid string overflows

7 years ago  Correctly initialize payload length of encrypted payload
Tobias Brunner [Fri, 28 Sep 2012 14:30:26 +0000 (16:30 +0200)]
Correctly initialize payload length of encrypted payload

7 years ago  The eap argument of send_response is never NULL
Tobias Brunner [Fri, 28 Sep 2012 14:16:33 +0000 (16:16 +0200)]
The eap argument of send_response is never NULL

7 years ago  Properly initialize sockaddr_in struct in fast and dhcp plugins
Tobias Brunner [Fri, 28 Sep 2012 14:03:09 +0000 (16:03 +0200)]
Properly initialize sockaddr_in struct in fast and dhcp plugins

7 years ago  Properly initialize ima flag when adding file measurements
Tobias Brunner [Fri, 28 Sep 2012 13:51:39 +0000 (15:51 +0200)]
Properly initialize ima flag when adding file measurements

7 years ago  Properly initialize chunk for PCR value in case of errors
Tobias Brunner [Fri, 28 Sep 2012 13:49:19 +0000 (15:49 +0200)]
Properly initialize chunk for PCR value in case of errors

7 years ago  Initialize g and p in create_dh factory method
Tobias Brunner [Fri, 28 Sep 2012 13:48:09 +0000 (15:48 +0200)]
Initialize g and p in create_dh factory method

7 years ago  Properly initialize chunk for extension OID when parsing CRLs
Tobias Brunner [Fri, 28 Sep 2012 13:39:37 +0000 (15:39 +0200)]
Properly initialize chunk for extension OID when parsing CRLs

7 years ago  Fix parsing of IPv6 headers in ip_packet_t
Tobias Brunner [Fri, 28 Sep 2012 13:15:07 +0000 (15:15 +0200)]
Fix parsing of IPv6 headers in ip_packet_t

7 years ago  Properly cleanup varargs in LDAP fetcher's set_option()
Tobias Brunner [Fri, 28 Sep 2012 13:13:17 +0000 (15:13 +0200)]
Properly cleanup varargs in LDAP fetcher's set_option()

7 years ago  Properly cleanup varargs in enumerators of both SQL backends
Tobias Brunner [Fri, 28 Sep 2012 13:10:29 +0000 (15:10 +0200)]
Properly cleanup varargs in enumerators of both SQL backends

7 years ago  Allow replay windows smaller than the default of 32
Tobias Brunner [Thu, 27 Sep 2012 10:25:43 +0000 (12:25 +0200)]
Allow replay windows smaller than the default of 32

7 years ago  Properly initialize cached address map in kernel-pfroute plugin
Tobias Brunner [Thu, 27 Sep 2012 10:42:48 +0000 (12:42 +0200)]
Properly initialize cached address map in kernel-pfroute plugin

7 years ago  Clarified error message if enabling UDP decapsulation fails
Tobias Brunner [Thu, 27 Sep 2012 08:49:17 +0000 (10:49 +0200)]
Clarified error message if enabling UDP decapsulation fails

7 years ago  Fixed compilation of kernel-pfroute plugin
Tobias Brunner [Thu, 27 Sep 2012 07:03:04 +0000 (09:03 +0200)]
Fixed compilation of kernel-pfroute plugin

7 years ago  Added description for flush_auth_cfg and acct_port plus some minor editorial changes
Tobias Brunner [Tue, 25 Sep 2012 10:22:05 +0000 (12:22 +0200)]
Added description for flush_auth_cfg and acct_port plus some minor editorial changes

7 years ago  IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabled
Tobias Brunner [Tue, 25 Sep 2012 07:31:47 +0000 (09:31 +0200)]
IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabled

Fixes #229.

7 years ago  New Android release after fixing private key issues on Jelly Bean
Tobias Brunner [Mon, 24 Sep 2012 15:13:23 +0000 (17:13 +0200)]
New Android release after fixing private key issues on Jelly Bean

7 years ago  android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
Tobias Brunner [Mon, 24 Sep 2012 14:56:37 +0000 (16:56 +0200)]
android: Leak the private key reference on Jelly Bean to avoid a bug in the framework

A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.

7 years ago  android: Added a global variable to check the current SDK version
Tobias Brunner [Mon, 24 Sep 2012 14:54:38 +0000 (16:54 +0200)]
android: Added a global variable to check the current SDK version

7 years ago  Don't check interface of inbound message if interfaces are not filtered
Tobias Brunner [Sun, 23 Sep 2012 07:14:26 +0000 (09:14 +0200)]
Don't check interface of inbound message if interfaces are not filtered

We don't have a proper kernel-net interface on Android yet, so the check
for a usable interface does not work there.

7 years ago  android: Load the private key and certificates separately in android_creds_t
Tobias Brunner [Sun, 23 Sep 2012 07:02:58 +0000 (09:02 +0200)]
android: Load the private key and certificates separately in android_creds_t

7 years ago  android: Added a method to get the user's private key via JNI
Tobias Brunner [Sun, 23 Sep 2012 07:00:34 +0000 (09:00 +0200)]
android: Added a method to get the user's private key via JNI

7 years ago  android: Added a JNI backed private key implementation
Tobias Brunner [Sun, 23 Sep 2012 06:58:37 +0000 (08:58 +0200)]
android: Added a JNI backed private key implementation

This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.

7 years ago  Documentation about some time values clarified
Tobias Brunner [Mon, 24 Sep 2012 14:02:03 +0000 (16:02 +0200)]
Documentation about some time values clarified

7 years ago  removed ikev2/dynamic-responder scenario
Andreas Steffen [Sat, 22 Sep 2012 15:50:50 +0000 (17:50 +0200)]
removed ikev2/dynamic-responder scenario

7 years ago  Make sure the if_name member of cached route entries is initialized to NULL
Tobias Brunner [Sat, 22 Sep 2012 06:23:56 +0000 (08:23 +0200)]
Make sure the if_name member of cached route entries is initialized to NULL

7 years ago  do not enable integrity and crypto tests in ikev1/rw-cert-unity scenario
Andreas Steffen [Fri, 21 Sep 2012 19:25:56 +0000 (21:25 +0200)]
do not enable integrity and crypto tests in ikev1/rw-cert-unity scenario

7 years ago  NEWS about kernel interface changes
Tobias Brunner [Fri, 21 Sep 2012 06:41:41 +0000 (08:41 +0200)]
NEWS about kernel interface changes

7 years ago  Properly handle thread cancelation in rwlock_condvar_t
Tobias Brunner [Fri, 21 Sep 2012 05:58:37 +0000 (07:58 +0200)]
Properly handle thread cancelation in rwlock_condvar_t

7 years ago  Use an rwlock in kernel-pfroute too
Tobias Brunner [Fri, 21 Sep 2012 06:06:40 +0000 (08:06 +0200)]
Use an rwlock in kernel-pfroute too

7 years ago  Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin
Tobias Brunner [Thu, 20 Sep 2012 16:21:42 +0000 (18:21 +0200)]
Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin

7 years ago  Use a separate mutex for cached routes in kernel-netlink plugin
Tobias Brunner [Thu, 20 Sep 2012 16:06:01 +0000 (18:06 +0200)]
Use a separate mutex for cached routes in kernel-netlink plugin

7 years ago  Added a condvar implementation that works with rwlock_t
Tobias Brunner [Thu, 20 Sep 2012 15:56:20 +0000 (17:56 +0200)]
Added a condvar implementation that works with rwlock_t

7 years ago  Use a lock to safely check and update the time for the next roam event
Tobias Brunner [Thu, 20 Sep 2012 09:58:52 +0000 (11:58 +0200)]
Use a lock to safely check and update the time for the next roam event

7 years ago  Added an option to configure the interface on which virtual IP addresses are installed
Tobias Brunner [Thu, 20 Sep 2012 09:07:15 +0000 (11:07 +0200)]
Added an option to configure the interface on which virtual IP addresses are installed

7 years ago  Changed how kernel-netlink handles virtual IP addresses
Tobias Brunner [Wed, 19 Sep 2012 17:10:23 +0000 (19:10 +0200)]
Changed how kernel-netlink handles virtual IP addresses

Also tried to avoid the use of enumerators.

7 years ago  Made IP address enumeration more flexible
Tobias Brunner [Mon, 17 Sep 2012 17:04:51 +0000 (19:04 +0200)]
Made IP address enumeration more flexible

Also added an option to enumerate addresses on ignored interfaces.

7 years ago  Avoid calculating the hash if hashtable is empty
Tobias Brunner [Fri, 21 Sep 2012 06:49:59 +0000 (08:49 +0200)]
Avoid calculating the hash if hashtable is empty

7 years ago  Use a hashtable to quickly check for usable IP addresses/interfaces
Tobias Brunner [Mon, 17 Sep 2012 16:09:51 +0000 (18:09 +0200)]
Use a hashtable to quickly check for usable IP addresses/interfaces

7 years ago  Drop packets received on ignored interfaces
Tobias Brunner [Fri, 14 Sep 2012 14:43:54 +0000 (16:43 +0200)]
Drop packets received on ignored interfaces

7 years ago  Filter ignored interfaces in kernel interfaces (for events, address enumeration,...
Tobias Brunner [Fri, 14 Sep 2012 14:43:08 +0000 (16:43 +0200)]
Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.)

7 years ago  %any is never on a local interface
Tobias Brunner [Fri, 14 Sep 2012 14:30:06 +0000 (16:30 +0200)]
%any is never on a local interface

7 years ago  Avoid memset in is_anyaddr()
Tobias Brunner [Fri, 14 Sep 2012 14:14:57 +0000 (16:14 +0200)]
Avoid memset in is_anyaddr()

7 years ago  Make it easy to check if an address is locally usable via changed get_interface(...
Tobias Brunner [Fri, 14 Sep 2012 14:27:33 +0000 (16:27 +0200)]
Make it easy to check if an address is locally usable via changed get_interface() method

7 years ago  Don't ignore loopback devices and allow addresses on them being enumerated
Tobias Brunner [Fri, 14 Sep 2012 13:03:09 +0000 (15:03 +0200)]
Don't ignore loopback devices and allow addresses on them being enumerated

7 years ago  Added options and a lookup function that will allow filtering of network interfaces
Tobias Brunner [Fri, 14 Sep 2012 12:43:17 +0000 (14:43 +0200)]
Added options and a lookup function that will allow filtering of network interfaces

7 years ago  Make streq() and strcaseeq() static inline functions so they can be used as callbacks
Tobias Brunner [Fri, 14 Sep 2012 10:06:02 +0000 (12:06 +0200)]
Make streq() and strcaseeq() static inline functions so they can be used as callbacks

7 years ago  Use source address in get_nexthop() call
Tobias Brunner [Tue, 18 Sep 2012 15:55:38 +0000 (17:55 +0200)]
Use source address in get_nexthop() call

Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.

7 years ago  Source address lookup refactored
Tobias Brunner [Wed, 12 Oct 2011 13:52:18 +0000 (15:52 +0200)]
Source address lookup refactored

Routes matching the destination are now first parsed and sorted by network
prefix length.  This list is then used to search for the best route with
a matching preferred source address (if one is specified).  This makes sure
we really check all routes for that address.

7 years ago  Check routes with equal prefix if preferred source is specified
Tobias Brunner [Fri, 30 Sep 2011 15:41:01 +0000 (17:41 +0200)]
Check routes with equal prefix if preferred source is specified

7 years ago  Try to find preferred source on interface if returned source does not match
Tobias Brunner [Fri, 9 Sep 2011 14:07:40 +0000 (16:07 +0200)]
Try to find preferred source on interface if returned source does not match