strongswan.git
8 years ago: Accept and process IKEv1 messages in receiver
Martin Willi [Tue, 15 Nov 2011 13:03:24 +0000 (14:03 +0100)]
Accept and process IKEv1 messages in receiver

8 years ago: Extended IKE header for IKEv1 support
Martin Willi [Tue, 15 Nov 2011 12:53:56 +0000 (13:53 +0100)]
Extended IKE header for IKEv1 support

8 years ago: Added configure option for the IKEv1 implementation in charon.
Tobias Brunner [Wed, 9 Nov 2011 11:08:40 +0000 (12:08 +0100)]
Added configure option for the IKEv1 implementation in charon.

9 years ago: gcrypt does not support MD2
Andreas Steffen [Wed, 9 Nov 2011 05:48:55 +0000 (06:48 +0100)]
gcrypt does not support MD2

9 years ago: added dummy libsimaka_init() function needed for integrity testing
Andreas Steffen [Tue, 8 Nov 2011 20:18:40 +0000 (21:18 +0100)]
added dummy libsimaka_init() function needed for integrity testing

9 years ago: version bump to 4.6.1
Andreas Steffen [Tue, 8 Nov 2011 20:00:09 +0000 (21:00 +0100)]
version bump to 4.6.1

9 years ago: added dummy libtls_init() function needed for integrity testing
Andreas Steffen [Tue, 8 Nov 2011 19:27:17 +0000 (20:27 +0100)]
added dummy libtls_init() function needed for integrity testing

9 years ago: Fixed monolithic build of libcharon with libtnccs enabled.
Tobias Brunner [Tue, 8 Nov 2011 17:28:00 +0000 (18:28 +0100)]
Fixed monolithic build of libcharon with libtnccs enabled.

9 years ago: Correctly refer to tnc-tnccs plugin when building monolithically.
Tobias Brunner [Tue, 8 Nov 2011 17:27:44 +0000 (18:27 +0100)]
Correctly refer to tnc-tnccs plugin when building monolithically.

9 years ago: Calculate checksums for libsimaka and libtls.
Tobias Brunner [Tue, 8 Nov 2011 17:15:55 +0000 (18:15 +0100)]
Calculate checksums for libsimaka and libtls.

These are currently not checked though. And because they don't define a
<libname>_init function, a warning is reported when the checksum is
calculated.

9 years ago: Defer calculation of checksums until installation.
Tobias Brunner [Tue, 8 Nov 2011 16:58:32 +0000 (17:58 +0100)]
Defer calculation of checksums until installation.

The checksum is now calculated from the installed libraries and plugins.
This allows calculating checksums for plugins linking to libraries like
libtls, as these are relinked during installation.

9 years ago: Fixed formatting for longer plugin names in checksum_builder output.
Tobias Brunner [Tue, 8 Nov 2011 16:55:39 +0000 (17:55 +0100)]
Fixed formatting for longer plugin names in checksum_builder output.

9 years ago: Don't link libtnccs to checksum_builder.
Tobias Brunner [Tue, 8 Nov 2011 16:53:37 +0000 (17:53 +0100)]
Don't link libtnccs to checksum_builder.

Linking is only required for libraries defining global symbols used by
plugins to which the plugins do not link themselves.

9 years ago: Revert "fixed integrity tests of plugins using libtls or libtnccs"
Tobias Brunner [Tue, 8 Nov 2011 11:08:00 +0000 (12:08 +0100)]
Revert "fixed integrity tests of plugins using libtls or libtnccs"

This reverts commit b597ac4a4cbcd9197b886d743c75d58293264580 (not
completely).

9 years ago: Revert "fixed integrity tests of plugins using libsimaka"
Tobias Brunner [Tue, 8 Nov 2011 11:04:50 +0000 (12:04 +0100)]
Revert "fixed integrity tests of plugins using libsimaka"

This reverts commit 8c42f16deeeffa1ae305b18306b0796f49c9922c.

Conflicts:
	src/charon/Makefile.am

9 years ago: maemo: New upstream release.
Tobias Brunner [Mon, 7 Nov 2011 13:50:35 +0000 (14:50 +0100)]
maemo: New upstream release.

9 years ago: assign get_features method
Andreas Steffen [Mon, 7 Nov 2011 18:15:41 +0000 (19:15 +0100)]
assign get_features method

9 years ago: moved random plugin in front of openssl in order to prefer gmp
Andreas Steffen [Sat, 5 Nov 2011 06:24:17 +0000 (07:24 +0100)]
moved random plugin in front of openssl in order to prefer gmp

9 years ago: Allow support for CA-certificate retrieval in scepclient (tag: 4.6.0)
Thomas Egerer [Fri, 4 Nov 2011 11:29:59 +0000 (12:29 +0100)]
Allow support for CA-certificate retrieval in scepclient

I think somehow this functionality got lost on the way from
strongswan-2.7.0...

9 years ago: Fix 'ipsec pool --status' for empty pools.
Tobias Brunner [Fri, 4 Nov 2011 14:07:54 +0000 (15:07 +0100)]
Fix 'ipsec pool --status' for empty pools.

9 years ago: Syntax error in sqlite.sql fixed.
Tobias Brunner [Fri, 4 Nov 2011 13:37:22 +0000 (14:37 +0100)]
Syntax error in sqlite.sql fixed.

9 years ago: Some Android NEWS added.
Tobias Brunner [Fri, 4 Nov 2011 11:24:16 +0000 (12:24 +0100)]
Some Android NEWS added.

9 years ago: Don't build pluto and starter by default on Android.
Tobias Brunner [Fri, 4 Nov 2011 11:20:21 +0000 (12:20 +0100)]
Don't build pluto and starter by default on Android.

9 years ago: if available link libsimaka to checksum_builder
Andreas Steffen [Fri, 4 Nov 2011 10:27:05 +0000 (11:27 +0100)]
if available link libsimaka to checksum_builder

9 years ago: use the correct USE_SIMAKA conditional
Andreas Steffen [Fri, 4 Nov 2011 07:38:09 +0000 (08:38 +0100)]
use the correct USE_SIMAKA conditional

9 years ago: added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios
Andreas Steffen [Fri, 4 Nov 2011 07:35:33 +0000 (08:35 +0100)]
added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios

9 years ago: fixed integrity tests of plugins using libsimaka
Andreas Steffen [Thu, 3 Nov 2011 21:04:36 +0000 (22:04 +0100)]
fixed integrity tests of plugins using libsimaka

9 years ago: Change order of ocsp uris when parsing a cert
Thomas Egerer [Fri, 4 Nov 2011 08:25:07 +0000 (09:25 +0100)]
Change order of ocsp uris when parsing a cert

9 years ago: Handle certificates being on hold in a CRL
Thomas Egerer [Fri, 4 Nov 2011 08:25:05 +0000 (09:25 +0100)]
Handle certificates being on hold in a CRL

Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case; you would try to retrieve an updated CRL to see if
the certificate on hold is still on it or not.

9 years ago: Memwipe request after sa update, too
Thomas Egerer [Fri, 4 Nov 2011 08:25:01 +0000 (09:25 +0100)]
Memwipe request after sa update, too

9 years ago: Use chunk_clear to memwipe shared secret
Thomas Egerer [Fri, 4 Nov 2011 08:24:58 +0000 (09:24 +0100)]
Use chunk_clear to memwipe shared secret

9 years ago: Change order of destroy/get_ref function calls
Thomas Egerer [Fri, 4 Nov 2011 08:24:51 +0000 (09:24 +0100)]
Change order of destroy/get_ref function calls

Since DESTROY_IF might destroy the peer_cfg, a get_ref on a freed object
is subject to failure.

9 years ago: Fix resource leak in x509_ocsp_response
Thomas Egerer [Fri, 4 Nov 2011 08:24:47 +0000 (09:24 +0100)]
Fix resource leak in x509_ocsp_response

9 years ago: Extend xfrm_attr_type_names by newly added enum values
Thomas Egerer [Fri, 4 Nov 2011 08:24:38 +0000 (09:24 +0100)]
Extend xfrm_attr_type_names by newly added enum values

9 years ago: Silently install route again, even if it did not change.
Tobias Brunner [Fri, 4 Nov 2011 09:03:48 +0000 (10:03 +0100)]
Silently install route again, even if it did not change.

Address/interface changes can cause the route to disappear. Afterwards
the route might look the same but that does not mean it is still installed.

9 years ago: Compile warning fixed in kernel interfaces.
Tobias Brunner [Fri, 4 Nov 2011 08:58:58 +0000 (09:58 +0100)]
Compile warning fixed in kernel interfaces.

9 years ago: Common spelling errors fixed.
Tobias Brunner [Thu, 3 Nov 2011 18:30:17 +0000 (19:30 +0100)]
Common spelling errors fixed.

9 years ago: NEWS about pkcs11 plugin added.
Tobias Brunner [Thu, 3 Nov 2011 17:39:42 +0000 (18:39 +0100)]
NEWS about pkcs11 plugin added.

9 years ago: pkcs11: Documented use_pubkey option in strongswan.conf(5).
Tobias Brunner [Thu, 3 Nov 2011 17:36:34 +0000 (18:36 +0100)]
pkcs11: Documented use_pubkey option in strongswan.conf(5).

9 years ago: pkcs11: Make public key operations on tokens optional.
Tobias Brunner [Thu, 3 Nov 2011 16:56:40 +0000 (17:56 +0100)]
pkcs11: Make public key operations on tokens optional.

9 years ago: pkcs11: Make sure a key can be used for a given signature scheme.
Tobias Brunner [Wed, 2 Nov 2011 19:25:39 +0000 (20:25 +0100)]
pkcs11: Make sure a key can be used for a given signature scheme.

9 years ago: pkcs11: Register ECDSA feature.
Tobias Brunner [Wed, 2 Nov 2011 18:24:57 +0000 (19:24 +0100)]
pkcs11: Register ECDSA feature.

9 years ago: pkcs11: We have to create our own hashes for some signature schemes.
Tobias Brunner [Wed, 2 Nov 2011 18:23:05 +0000 (19:23 +0100)]
pkcs11: We have to create our own hashes for some signature schemes.

9 years ago: pkcs11: Lookup the public key of a private key by CKA_ID.
Tobias Brunner [Wed, 2 Nov 2011 18:11:46 +0000 (19:11 +0100)]
pkcs11: Lookup the public key of a private key by CKA_ID.

Currently this only works if a public key object with the same ID is
available; if there isn't one, we could search for a certificate with the
same ID and extract the key from there.

9 years ago: pkcs11: Search for private keys in a more generic way.
Tobias Brunner [Wed, 2 Nov 2011 18:07:23 +0000 (19:07 +0100)]
pkcs11: Search for private keys in a more generic way.

Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.

9 years ago: pkcs11: Added support to encode ECDSA public keys.
Tobias Brunner [Wed, 2 Nov 2011 18:04:43 +0000 (19:04 +0100)]
pkcs11: Added support to encode ECDSA public keys.

9 years ago: pkcs11: Parse ECDSA public keys and find/create them on tokens.
Tobias Brunner [Wed, 2 Nov 2011 17:59:48 +0000 (18:59 +0100)]
pkcs11: Parse ECDSA public keys and find/create them on tokens.

9 years ago: pkcs11: Added generic functions to find/create public keys on tokens.
Tobias Brunner [Wed, 2 Nov 2011 17:57:57 +0000 (18:57 +0100)]
pkcs11: Added generic functions to find/create public keys on tokens.

9 years ago: pkcs11: Store public key length in bits.
Tobias Brunner [Wed, 2 Nov 2011 17:48:51 +0000 (18:48 +0100)]
pkcs11: Store public key length in bits.

9 years ago: pkcs11: Fix encoding of RSA public keys.
Tobias Brunner [Wed, 2 Nov 2011 17:43:27 +0000 (18:43 +0100)]
pkcs11: Fix encoding of RSA public keys.

9 years ago: pkcs11: Use create_object_attr_enumerator to encode RSA public key.
Tobias Brunner [Wed, 2 Nov 2011 17:38:52 +0000 (18:38 +0100)]
pkcs11: Use create_object_attr_enumerator to encode RSA public key.

9 years ago: pkcs11: Instead of a mutex use a new session to do multipart operations.
Tobias Brunner [Wed, 2 Nov 2011 16:24:37 +0000 (17:24 +0100)]
pkcs11: Instead of a mutex use a new session to do multipart operations.

9 years ago: pkcs11: Function added to retrieve multiple attributes from a single object.
Tobias Brunner [Wed, 2 Nov 2011 16:09:43 +0000 (17:09 +0100)]
pkcs11: Function added to retrieve multiple attributes from a single object.

9 years ago: pkcs11: Memory leak fixed in DH/ECDH implementation.
Tobias Brunner [Wed, 2 Nov 2011 16:00:58 +0000 (17:00 +0100)]
pkcs11: Memory leak fixed in DH/ECDH implementation.

9 years ago: pkcs11: Invalid free fixed in DH/ECDH implementation.
Tobias Brunner [Wed, 2 Nov 2011 16:00:27 +0000 (17:00 +0100)]
pkcs11: Invalid free fixed in DH/ECDH implementation.

9 years ago: pkcs11: Changed how pkcs11-manager is initialized.
Tobias Brunner [Wed, 2 Nov 2011 10:24:25 +0000 (11:24 +0100)]
pkcs11: Changed how pkcs11-manager is initialized.

The manager is now created directly, but events and certificate loading
are deferred.

9 years ago: pkcs11: Add attributes to specify what we use the DH/ECDH keys for.
Tobias Brunner [Tue, 1 Nov 2011 10:05:49 +0000 (11:05 +0100)]
pkcs11: Add attributes to specify what we use the DH/ECDH keys for.

9 years ago: version bump to 4.6.0
Andreas Steffen [Wed, 2 Nov 2011 08:30:45 +0000 (09:30 +0100)]
version bump to 4.6.0

9 years ago: enable integrity test in tnc/tnccs-dynamic scenario
Andreas Steffen [Wed, 2 Nov 2011 08:30:18 +0000 (09:30 +0100)]
enable integrity test in tnc/tnccs-dynamic scenario

9 years ago: charon must load libtls if available
Andreas Steffen [Wed, 2 Nov 2011 08:28:09 +0000 (09:28 +0100)]
charon must load libtls if available

9 years ago: fixed integrity tests of plugins using libtls or libtnccs
Andreas Steffen [Wed, 2 Nov 2011 05:41:48 +0000 (06:41 +0100)]
fixed integrity tests of plugins using libtls or libtnccs

9 years ago: removed xcbc plugin from sql scenarios
Andreas Steffen [Mon, 31 Oct 2011 23:16:35 +0000 (00:16 +0100)]
removed xcbc plugin from sql scenarios

9 years ago: tnc-tnccs plugin is now included in integrity tests
Andreas Steffen [Mon, 31 Oct 2011 22:29:49 +0000 (23:29 +0100)]
tnc-tnccs plugin is now included in integrity tests

9 years ago: pkcs11: Allow to build pkcs11 plugin on Android.
Tobias Brunner [Mon, 31 Oct 2011 17:55:27 +0000 (18:55 +0100)]
pkcs11: Allow to build pkcs11 plugin on Android.

9 years ago: pkcs11: Documented new options in strongswan.conf(5).
Tobias Brunner [Mon, 31 Oct 2011 17:50:10 +0000 (18:50 +0100)]
pkcs11: Documented new options in strongswan.conf(5).

9 years ago: pkcs11: Register the pkcs11 plugin before any other crypto plugins.
Tobias Brunner [Mon, 31 Oct 2011 16:33:26 +0000 (17:33 +0100)]
pkcs11: Register the pkcs11 plugin before any other crypto plugins.

This is what most users probably expect when they enable the pkcs11
plugin.  All advanced features (like DH/RNG) are disabled by default.

9 years ago: pkcs11: Use callback registration for pkcs11-manager.
Tobias Brunner [Mon, 31 Oct 2011 16:31:25 +0000 (17:31 +0100)]
pkcs11: Use callback registration for pkcs11-manager.

Otherwise a plugin providing X509 decoding capabilities might be unloaded
before the manager which will result in a segmentation fault when
certificates in the manager's credential sets are to be destroyed.

9 years ago: pkcs11: Merged the ECDH into the DH implementation.
Tobias Brunner [Fri, 28 Oct 2011 18:59:03 +0000 (20:59 +0200)]
pkcs11: Merged the ECDH into the DH implementation.

9 years ago: pkcs11: Use get_ck_attribute for ECDH.
Tobias Brunner [Fri, 28 Oct 2011 16:50:22 +0000 (18:50 +0200)]
pkcs11: Use get_ck_attribute for ECDH.

9 years ago: pkcs11: Use get_ck_attribute for DH.
Tobias Brunner [Fri, 28 Oct 2011 16:49:31 +0000 (18:49 +0200)]
pkcs11: Use get_ck_attribute for DH.

9 years ago: pkcs11: Method added to library to extract a single attribute from an object.
Tobias Brunner [Fri, 28 Oct 2011 16:36:44 +0000 (18:36 +0200)]
pkcs11: Method added to library to extract a single attribute from an object.

9 years ago: pkcs11: Added names for CKA_* constants.
Tobias Brunner [Fri, 28 Oct 2011 16:07:02 +0000 (18:07 +0200)]
pkcs11: Added names for CKA_* constants.

9 years ago: pkcs11: Added support for ECDH.
Tobias Brunner [Wed, 26 Oct 2011 14:11:24 +0000 (16:11 +0200)]
pkcs11: Added support for ECDH.

9 years ago: pkcs11: Added definitions needed for ECDH to pkcs11.h.
Tobias Brunner [Wed, 26 Oct 2011 14:07:25 +0000 (16:07 +0200)]
pkcs11: Added definitions needed for ECDH to pkcs11.h.

9 years ago: pkcs11: Specify object class and key type when deriving DH secrets.
Tobias Brunner [Tue, 25 Oct 2011 16:23:59 +0000 (18:23 +0200)]
pkcs11: Specify object class and key type when deriving DH secrets.

pkcs11_softtoken on OpenSolaris requires this (probably others too).

9 years ago: pkcs11: Add features support.
Tobias Brunner [Tue, 25 Oct 2011 13:51:41 +0000 (15:51 +0200)]
pkcs11: Add features support.

9 years ago: pkcs11: Added support for DH.
Tobias Brunner [Tue, 25 Oct 2011 08:29:07 +0000 (10:29 +0200)]
pkcs11: Added support for DH.

9 years ago: pkcs11: Error message fixed.
Tobias Brunner [Tue, 25 Oct 2011 07:54:17 +0000 (09:54 +0200)]
pkcs11: Error message fixed.

9 years ago: pkcs11: Added support to generate random numbers on a token.
Tobias Brunner [Mon, 24 Oct 2011 14:39:59 +0000 (16:39 +0200)]
pkcs11: Added support to generate random numbers on a token.

9 years ago: pkcs11: Properly destroy mutex in pkcs11_hasher if no token found.
Tobias Brunner [Mon, 24 Oct 2011 14:36:55 +0000 (16:36 +0200)]
pkcs11: Properly destroy mutex in pkcs11_hasher if no token found.

9 years ago: Added features support to agent plugin
Andreas Steffen [Sun, 30 Oct 2011 16:59:23 +0000 (17:59 +0100)]
Added features support to agent plugin

9 years ago: Added features support to dnskey plugin
Andreas Steffen [Sun, 30 Oct 2011 16:57:16 +0000 (17:57 +0100)]
Added features support to dnskey plugin

9 years ago: Added features support to pgp plugin
Andreas Steffen [Sun, 30 Oct 2011 16:52:13 +0000 (17:52 +0100)]
Added features support to pgp plugin

9 years ago: Added features support to pkcs1 plugin
Andreas Steffen [Sun, 30 Oct 2011 16:44:35 +0000 (17:44 +0100)]
Added features support to pkcs1 plugin

9 years ago: added newline
Andreas Steffen [Sun, 30 Oct 2011 16:43:55 +0000 (17:43 +0100)]
added newline

9 years ago: remove pem_encoder_encode
Andreas Steffen [Sun, 30 Oct 2011 16:21:57 +0000 (17:21 +0100)]
remove pem_encoder_encode

9 years ago: Add features support to pem plugin
Andreas Steffen [Sun, 30 Oct 2011 16:15:53 +0000 (17:15 +0100)]
Add features support to pem plugin

9 years ago: Some Doxygen fixes.
Tobias Brunner [Fri, 28 Oct 2011 19:24:52 +0000 (21:24 +0200)]
Some Doxygen fixes.

9 years ago: Copyright fixed.
Tobias Brunner [Fri, 28 Oct 2011 19:07:35 +0000 (21:07 +0200)]
Copyright fixed.

9 years ago: pluto: Compile warning fixed.
Tobias Brunner [Thu, 27 Oct 2011 13:42:44 +0000 (15:42 +0200)]
pluto: Compile warning fixed.

9 years ago: pluto: plugin_list.* added to Android.mk.
Tobias Brunner [Thu, 27 Oct 2011 13:42:10 +0000 (15:42 +0200)]
pluto: plugin_list.* added to Android.mk.

9 years ago: Added missing backslash.
Tobias Brunner [Thu, 27 Oct 2011 13:41:30 +0000 (15:41 +0200)]
Added missing backslash.

9 years ago: Forgot to add Android.mk in ba5b559b41fa70261c4f181f516acee272379a71.
Tobias Brunner [Wed, 26 Oct 2011 16:31:34 +0000 (18:31 +0200)]
Forgot to add Android.mk in ba5b559b41fa70261c4f181f516acee272379a71.

9 years ago: Destroy objects hashtable after plugin_manager.
Tobias Brunner [Wed, 26 Oct 2011 15:35:18 +0000 (17:35 +0200)]
Destroy objects hashtable after plugin_manager.

If plugins are not explicitly unloaded before library_deinit is called,
there could have been a segfault because some plugins might unregister
objects during unloading/destruction.

9 years ago: Add features support to pubkey plugin
Andreas Steffen [Wed, 26 Oct 2011 10:16:54 +0000 (12:16 +0200)]
Add features support to pubkey plugin

9 years ago: Add features support to x509 plugin
Andreas Steffen [Wed, 26 Oct 2011 10:09:03 +0000 (12:09 +0200)]
Add features support to x509 plugin

9 years ago: Cosmetics
Andreas Steffen [Wed, 26 Oct 2011 08:32:54 +0000 (10:32 +0200)]
Cosmetics

9 years ago: added listplugins support to pluto and whack
Andreas Steffen [Wed, 26 Oct 2011 08:31:48 +0000 (10:31 +0200)]
added listplugins support to pluto and whack

9 years ago: add listplugins to ipsec shell command
Andreas Steffen [Wed, 26 Oct 2011 07:30:58 +0000 (09:30 +0200)]
add listplugins to ipsec shell command

9 years ago: version bump to 4.6.0rc3
Andreas Steffen [Wed, 26 Oct 2011 07:17:57 +0000 (09:17 +0200)]
version bump to 4.6.0rc3