strongswan.git
11 years agoadded plutdebug=control
Andreas Steffen [Fri, 15 May 2009 07:13:13 +0000 (09:13 +0200)]
added plutdebug=control

11 years agoif enabled, load openssl plugin by default in pluto
Andreas Steffen [Fri, 15 May 2009 06:46:49 +0000 (08:46 +0200)]
if enabled, load openssl plugin by default in pluto

11 years agomore intuitive leap year check
Tobias Brunner [Thu, 14 May 2009 16:58:17 +0000 (18:58 +0200)]
more intuitive leap year check

11 years agoalso support 192 bit keys for Twofish and Serpent
Andreas Steffen [Thu, 14 May 2009 23:48:56 +0000 (01:48 +0200)]
also support 192 bit keys for Twofish and Serpent

11 years agofixed copy-and-paste caption error
Andreas Steffen [Thu, 14 May 2009 23:40:27 +0000 (01:40 +0200)]
fixed copy-and-paste caption error

11 years agogot rid of libcrypto
Andreas Steffen [Thu, 14 May 2009 23:28:48 +0000 (01:28 +0200)]
got rid of libcrypto

11 years agoremoved libcrypto includes
Andreas Steffen [Thu, 14 May 2009 21:07:17 +0000 (23:07 +0200)]
removed libcrypto includes

11 years agocleaned up pluto's crypto framework
Andreas Steffen [Thu, 14 May 2009 20:56:10 +0000 (22:56 +0200)]
cleaned up pluto's crypto framework

11 years agocompleted serpent plugin
Andreas Steffen [Thu, 14 May 2009 20:30:24 +0000 (22:30 +0200)]
completed serpent plugin

11 years agocosmetics
Andreas Steffen [Thu, 14 May 2009 20:25:38 +0000 (22:25 +0200)]
cosmetics

11 years agosplit encrypt/decrypt functionality of crypto_cbc()
Andreas Steffen [Thu, 14 May 2009 19:03:39 +0000 (21:03 +0200)]
split encrypt/decrypt functionality of crypto_cbc()

11 years agofixed ikev1 iv derivation
Andreas Steffen [Thu, 14 May 2009 18:25:38 +0000 (20:25 +0200)]
fixed ikev1 iv derivation

11 years agoMac OS X doesn't have SADB_X_AALG_AES_XCBC_MAC
Tobias Brunner [Thu, 14 May 2009 12:31:27 +0000 (14:31 +0200)]
Mac OS X doesn't have SADB_X_AALG_AES_XCBC_MAC

11 years agoadded another possible location for the ipsec.h header file
Tobias Brunner [Thu, 14 May 2009 12:29:41 +0000 (14:29 +0200)]
added another possible location for the ipsec.h header file

11 years agofixed compiler warning
Tobias Brunner [Tue, 12 May 2009 17:25:42 +0000 (19:25 +0200)]
fixed compiler warning

11 years agomake socket_t compatible with RFC 2292 (that got obsoleted by RFC 3542)
Tobias Brunner [Tue, 12 May 2009 17:23:49 +0000 (19:23 +0200)]
make socket_t compatible with RFC 2292 (that got obsoleted by RFC 3542)

11 years agocompleted twofish sources
Andreas Steffen [Thu, 14 May 2009 14:51:53 +0000 (16:51 +0200)]
completed twofish sources

11 years agoported twofish as a plugin
Andreas Steffen [Thu, 14 May 2009 13:39:19 +0000 (15:39 +0200)]
ported twofish as a plugin

11 years agofixed 32 bit overflow check
Andreas Steffen [Thu, 14 May 2009 13:35:41 +0000 (15:35 +0200)]
fixed 32 bit overflow check

11 years agoadded eap_start option to radius plugin
Martin Willi [Thu, 14 May 2009 12:11:40 +0000 (14:11 +0200)]
added eap_start option to radius plugin

EAP-Start sends an empty EAP message to initiate EAP conversation
before doing EAP-Identity.

11 years agointroduced encryption test vectors
Andreas Steffen [Thu, 14 May 2009 11:55:48 +0000 (13:55 +0200)]
introduced encryption test vectors

11 years agorenamed ENCR_TWOFISH and ENCR_SERPENT to ENCR_TWOFISH_CBC and ENCR_SERPENT_CBC, respe...
Andreas Steffen [Thu, 14 May 2009 11:55:10 +0000 (13:55 +0200)]
renamed ENCR_TWOFISH and ENCR_SERPENT to ENCR_TWOFISH_CBC and ENCR_SERPENT_CBC, respectively

11 years agofixed setting of variable key length
Andreas Steffen [Thu, 14 May 2009 11:53:16 +0000 (13:53 +0200)]
fixed setting of variable key length

11 years agouse localtime_r() instead of localtime()
Andreas Steffen [Thu, 14 May 2009 11:50:52 +0000 (13:50 +0200)]
use localtime_r() instead of localtime()

11 years agoclone iv before blowfish en|decryption
Andreas Steffen [Thu, 14 May 2009 08:54:39 +0000 (10:54 +0200)]
clone iv before blowfish en|decryption

11 years agoreplaced clone_bytes() by clalloc()
Andreas Steffen [Thu, 14 May 2009 08:45:27 +0000 (10:45 +0200)]
replaced clone_bytes() by clalloc()

11 years agofixed indentation
Andreas Steffen [Thu, 14 May 2009 08:27:55 +0000 (10:27 +0200)]
fixed indentation

11 years agocompute ASN.1 to UTC time without time functions
Andreas Steffen [Wed, 13 May 2009 21:36:17 +0000 (23:36 +0200)]
compute ASN.1 to UTC time without time functions

11 years agochanged TRUE/FALSE to 1/0
Andreas Steffen [Wed, 13 May 2009 09:04:18 +0000 (11:04 +0200)]
changed TRUE/FALSE to 1/0

11 years agoblowfish block size is 8 bytes
Andreas Steffen [Tue, 12 May 2009 17:17:52 +0000 (19:17 +0200)]
blowfish block size is 8 bytes

11 years agofixed caption
Andreas Steffen [Tue, 12 May 2009 16:30:40 +0000 (18:30 +0200)]
fixed caption

11 years agochanged remaining plog() to DBG1()
Andreas Steffen [Tue, 12 May 2009 16:14:53 +0000 (18:14 +0200)]
changed remaining plog() to DBG1()

11 years agosimplified SPI allocation after refactorings
Martin Willi [Thu, 14 May 2009 08:28:18 +0000 (10:28 +0200)]
simplified SPI allocation after refactorings

11 years agoidentation cleanups
Martin Willi [Wed, 13 May 2009 13:57:31 +0000 (15:57 +0200)]
identation cleanups

11 years agofixed identation
Martin Willi [Wed, 13 May 2009 12:55:35 +0000 (14:55 +0200)]
fixed identation

11 years agofixing compilation of socket_t on systems that have neither IP_PKTINFO (Linux) nor...
Tobias Brunner [Tue, 12 May 2009 15:35:19 +0000 (17:35 +0200)]
fixing compilation of socket_t on systems that have neither IP_PKTINFO (Linux) nor IP_SENDSRCADDR (FreeBSD)

11 years agofixed cleanup of traffic selector lists
Martin Willi [Tue, 12 May 2009 15:13:09 +0000 (17:13 +0200)]
fixed cleanup of traffic selector lists

11 years agodo not destroy packet twice if message generation failed
Martin Willi [Tue, 12 May 2009 12:38:48 +0000 (14:38 +0200)]
do not destroy packet twice if message generation failed

11 years agoproperly end CERT_PRE task after detecting the final authentication round
Martin Willi [Tue, 12 May 2009 09:26:50 +0000 (11:26 +0200)]
properly end CERT_PRE task after detecting the final authentication round

11 years agodo not report increasing rekey times if rekeying currently active
Martin Willi [Tue, 12 May 2009 08:56:21 +0000 (10:56 +0200)]
do not report increasing rekey times if rekeying currently active

11 years agodo not report a CHILD_SA rekey time if rekeying disabled
Martin Willi [Tue, 12 May 2009 08:55:13 +0000 (10:55 +0200)]
do not report a CHILD_SA rekey time if rekeying disabled

11 years agoquote identities
Andreas Steffen [Mon, 11 May 2009 20:07:49 +0000 (22:07 +0200)]
quote identities

11 years agoalso update permission in template/guest folders
Martin Willi [Mon, 11 May 2009 15:26:13 +0000 (17:26 +0200)]
also update permission in template/guest folders
some identation cleanups

11 years agoremoved @brief doxygen keywords
Martin Willi [Mon, 11 May 2009 15:24:51 +0000 (17:24 +0200)]
removed @brief doxygen keywords

11 years agolist available templates using "template" alias
Martin Willi [Mon, 11 May 2009 15:20:01 +0000 (17:20 +0200)]
list available templates using "template" alias

11 years agoruby bindings for template enumerator
Martin Willi [Mon, 11 May 2009 15:19:36 +0000 (17:19 +0200)]
ruby bindings for template enumerator

11 years agoadded a Dumm template enumerator
Martin Willi [Mon, 11 May 2009 15:18:59 +0000 (17:18 +0200)]
added a Dumm template enumerator

11 years agoallow "others" to read created dumm files/folders
Martin Willi [Mon, 11 May 2009 14:38:04 +0000 (16:38 +0200)]
allow "others" to read created dumm files/folders

11 years agoimplemented blowfish as a plugin
Andreas Steffen [Mon, 11 May 2009 13:25:36 +0000 (15:25 +0200)]
implemented blowfish as a plugin

11 years agocorrected debug output of passphrase
Andreas Steffen [Mon, 11 May 2009 11:54:22 +0000 (13:54 +0200)]
corrected debug output of passphrase

11 years agohand out a IPv4 virtual address if %any6 is requested
Martin Willi [Mon, 11 May 2009 11:33:55 +0000 (13:33 +0200)]
hand out a IPv4 virtual address if %any6 is requested

11 years agofixed configuration payload type as responder
Martin Willi [Mon, 11 May 2009 11:23:15 +0000 (13:23 +0200)]
fixed configuration payload type as responder

11 years agonever send a CERT payload in EAP
Martin Willi [Mon, 11 May 2009 09:37:58 +0000 (11:37 +0200)]
never send a CERT payload in EAP

11 years agoupdated MSK calculation in MSCHAPv2, compatible with Win7/2008 RC.
Martin Willi [Mon, 11 May 2009 08:41:28 +0000 (10:41 +0200)]
updated MSK calculation in MSCHAPv2, compatible with Win7/2008 RC.

11 years agoFixed EAP authentication regression
Martin Willi [Mon, 11 May 2009 08:35:44 +0000 (10:35 +0200)]
Fixed EAP authentication regression

Use correct nonce/init message again for EAP AUTH payload
sent from responder to initiator.

11 years agofixed memleak
Martin Willi [Mon, 11 May 2009 08:11:20 +0000 (10:11 +0200)]
fixed memleak

11 years agostarted migration to encryption plugins
Andreas Steffen [Fri, 8 May 2009 22:04:15 +0000 (00:04 +0200)]
started migration to encryption plugins

11 years agoadded a configure option to enable the Vstr string library even if register_printf_fu...
Tobias Brunner [Fri, 24 Apr 2009 03:32:17 +0000 (05:32 +0200)]
added a configure option to enable the Vstr string library even if register_printf_function is available

11 years agofixing compilation when using the Vstr string library
Tobias Brunner [Fri, 24 Apr 2009 03:30:50 +0000 (05:30 +0200)]
fixing compilation when using the Vstr string library

11 years agofixed timezone compensation when parsing ASN.1 dates
Tobias Brunner [Fri, 8 May 2009 13:21:31 +0000 (15:21 +0200)]
fixed timezone compensation when parsing ASN.1 dates

11 years agodrop acquires we already have a pending connection attempt
Martin Willi [Fri, 8 May 2009 08:02:23 +0000 (10:02 +0200)]
drop acquires we already have a pending connection attempt

11 years agoinitiate trapped CHILD_SAs with same reqid
Martin Willi [Fri, 8 May 2009 07:59:53 +0000 (09:59 +0200)]
initiate trapped CHILD_SAs with same reqid

11 years agoremoved $Id$ from new template generated files
Martin Willi [Wed, 6 May 2009 17:52:23 +0000 (19:52 +0200)]
removed $Id$ from new template generated files

11 years agolisting routed connection in statusall
Martin Willi [Wed, 6 May 2009 17:50:18 +0000 (19:50 +0200)]
listing routed connection in statusall

11 years agoremoved obsolete route/unroute code from ike_sa/controller
Martin Willi [Wed, 6 May 2009 17:49:20 +0000 (19:49 +0200)]
removed obsolete route/unroute code from ike_sa/controller

11 years agomake use of the new trap-manager
Martin Willi [Wed, 6 May 2009 17:48:21 +0000 (19:48 +0200)]
make use of the new trap-manager

11 years agoadded a trap-manager to handle routed policies outside of IKE_SAs
Martin Willi [Wed, 6 May 2009 17:45:11 +0000 (19:45 +0200)]
added a trap-manager to handle routed policies outside of IKE_SAs

11 years agodefined ENCR_TWOFISH and ENCR_SERPENT
Andreas Steffen [Fri, 8 May 2009 05:51:24 +0000 (07:51 +0200)]
defined ENCR_TWOFISH and ENCR_SERPENT

11 years agoinserted HASH_MD4 in increasing order
Andreas Steffen [Thu, 7 May 2009 21:19:19 +0000 (23:19 +0200)]
inserted HASH_MD4 in increasing order

11 years agofixed generation of IKEv1 key material
Andreas Steffen [Thu, 7 May 2009 20:42:35 +0000 (22:42 +0200)]
fixed generation of IKEv1 key material

11 years agofixed compiler warnings
Tobias Brunner [Thu, 7 May 2009 15:53:05 +0000 (17:53 +0200)]
fixed compiler warnings

11 years agoMerge branch 'master' of git.strongswan.org:~/strongswan into HEAD
Tobias Brunner [Thu, 7 May 2009 15:47:48 +0000 (17:47 +0200)]
Merge branch 'master' of git.strongswan.org:~/strongswan into HEAD

11 years agoproperly convert boolean flags when parsing ipsec.conf
Tobias Brunner [Thu, 7 May 2009 15:43:16 +0000 (17:43 +0200)]
properly convert boolean flags when parsing ipsec.conf

11 years agouse bool instead of int
Tobias Brunner [Thu, 7 May 2009 15:42:25 +0000 (17:42 +0200)]
use bool instead of int

11 years agoproperly initialize buffer when printing loaded plugins.
Tobias Brunner [Thu, 7 May 2009 15:40:19 +0000 (17:40 +0200)]
properly initialize buffer when printing loaded plugins.

11 years agoinstanciate new tasks only if none queued
Martin Willi [Thu, 7 May 2009 13:57:34 +0000 (15:57 +0200)]
instanciate new tasks only if none queued

11 years agoproperly delete IKE_SA if IKE_SA_INIT processing failed
Martin Willi [Thu, 7 May 2009 13:53:45 +0000 (15:53 +0200)]
properly delete IKE_SA if IKE_SA_INIT processing failed

11 years agoannounce EAP method initiation once only
Martin Willi [Thu, 7 May 2009 09:11:56 +0000 (11:11 +0200)]
announce EAP method initiation once only

11 years agosome additional .gitignore's
Martin Willi [Thu, 7 May 2009 08:33:30 +0000 (10:33 +0200)]
some additional .gitignore's

11 years agofixed .gitignore for backup files
Martin Willi [Thu, 7 May 2009 08:21:07 +0000 (10:21 +0200)]
fixed .gitignore for backup files

11 years agoadded .gitignore files for dumm
Martin Willi [Thu, 7 May 2009 08:19:01 +0000 (10:19 +0200)]
added .gitignore files for dumm

11 years agouse hash size constants from hasher.h
Andreas Steffen [Thu, 7 May 2009 08:10:42 +0000 (10:10 +0200)]
use hash size constants from hasher.h

11 years agoremoved all hash function code from pluto
Andreas Steffen [Wed, 6 May 2009 20:46:51 +0000 (22:46 +0200)]
removed all hash function code from pluto

11 years agoall hashes, hmacs and prfs use libstrongswan
Andreas Steffen [Wed, 6 May 2009 18:05:06 +0000 (20:05 +0200)]
all hashes, hmacs and prfs use libstrongswan

11 years agocompiler warning fixed
Tobias Brunner [Wed, 6 May 2009 11:41:33 +0000 (07:41 -0400)]
compiler warning fixed

11 years agomore portable handling of the bool data type (Mac OS X has stdbool.h)
Tobias Brunner [Wed, 6 May 2009 11:30:38 +0000 (07:30 -0400)]
more portable handling of the bool data type (Mac OS X has stdbool.h)

11 years agorenamed some conflicting function names
Tobias Brunner [Wed, 6 May 2009 11:25:07 +0000 (07:25 -0400)]
renamed some conflicting function names

11 years agogethostbyname_r is not supported on Mac OS X (but gethostbyname uses thread-local...
Tobias Brunner [Wed, 6 May 2009 11:23:31 +0000 (07:23 -0400)]
gethostbyname_r is not supported on Mac OS X (but gethostbyname uses thread-local buffers)

11 years agolibtoolize is called glibtoolize on Mac OS X
Tobias Brunner [Tue, 5 May 2009 12:02:07 +0000 (08:02 -0400)]
libtoolize is called glibtoolize on Mac OS X

11 years agofixed removal of child configs
Martin Willi [Wed, 6 May 2009 10:56:21 +0000 (12:56 +0200)]
fixed removal of child configs
purge empty peer configs

11 years agofixed remove_child_cfg(), use correct enumerator for remove_at
Martin Willi [Wed, 6 May 2009 09:09:57 +0000 (11:09 +0200)]
fixed remove_child_cfg(), use correct enumerator for remove_at

11 years agoadded backup files (*.~) and patch leftovers (*.orig) to .gitignore
Martin Willi [Wed, 6 May 2009 08:36:39 +0000 (10:36 +0200)]
added backup files (*.~) and patch leftovers (*.orig) to .gitignore

11 years agoSKEYID derivation based on libstrongswan
Andreas Steffen [Tue, 5 May 2009 12:28:02 +0000 (14:28 +0200)]
SKEYID derivation based on libstrongswan

11 years agoset IKE_SA on bus to catch unroute event properly
Martin Willi [Tue, 5 May 2009 07:47:58 +0000 (09:47 +0200)]
set IKE_SA on bus to catch unroute event properly

11 years agouse prfs for IKEv1 hmacs
Andreas Steffen [Mon, 4 May 2009 21:38:57 +0000 (23:38 +0200)]
use prfs for IKEv1 hmacs

11 years agofixed typo
Andreas Steffen [Mon, 4 May 2009 21:08:29 +0000 (23:08 +0200)]
fixed typo

11 years agoadded support for AUTH_HMAC_SHA1_160
Andreas Steffen [Mon, 4 May 2009 21:01:40 +0000 (23:01 +0200)]
added support for AUTH_HMAC_SHA1_160

11 years agoadded apidoc output to .gitignore
Martin Willi [Mon, 4 May 2009 14:11:40 +0000 (16:11 +0200)]
added apidoc output to .gitignore

11 years agomoved hasher to the correct doxygen group
Martin Willi [Mon, 4 May 2009 14:10:13 +0000 (16:10 +0200)]
moved hasher to the correct doxygen group

11 years agofixed dladdr ./configure check, leak detective whitelist
Martin Willi [Mon, 4 May 2009 11:59:44 +0000 (13:59 +0200)]
fixed dladdr ./configure check, leak detective whitelist