strongswan.git
Tobias Brunner [Fri, 6 Jul 2012 08:09:25 +0000 (10:09 +0200)]
Check rng return value when generating nonces in eap-aka plugin

Tobias Brunner [Fri, 6 Jul 2012 08:02:41 +0000 (10:02 +0200)]
Check rng return value when generating nonces in eap-sim plugin

Tobias Brunner [Mon, 25 Jun 2012 14:08:11 +0000 (16:08 +0200)]
Check rng return value when generating nonces in libpts

Tobias Brunner [Mon, 25 Jun 2012 13:58:50 +0000 (15:58 +0200)]
Check rng return value when generating RAND in eap-aka-3gpp2 plugin

Tobias Brunner [Mon, 25 Jun 2012 13:57:13 +0000 (15:57 +0200)]
Check rng return value when generating challenges in eap-md5 and mschapv2 plugins

Tobias Brunner [Mon, 25 Jun 2012 13:56:31 +0000 (15:56 +0200)]
Check rng return value when generating Transaction IDs in DHCP plugin

Tobias Brunner [Mon, 25 Jun 2012 14:02:13 +0000 (16:02 +0200)]
Check rng return value when generating SPIs in kernel-klips plugin

Tobias Brunner [Mon, 25 Jun 2012 14:07:12 +0000 (16:07 +0200)]
Check rng return value when seeding OpenSSL RNG

Tobias Brunner [Mon, 25 Jun 2012 14:10:46 +0000 (16:10 +0200)]
Check rng return value when generating DH secret in gcrypt plugin

Tobias Brunner [Mon, 25 Jun 2012 14:09:00 +0000 (16:09 +0200)]
Check rng return value when generating DH secrets and primes in gmp plugin

Tobias Brunner [Mon, 25 Jun 2012 14:03:53 +0000 (16:03 +0200)]
Check rng return value when generating serial numbers in pki utility

Tobias Brunner [Mon, 25 Jun 2012 12:34:14 +0000 (14:34 +0200)]
Wrapper functions added to generate non-zero random bytes

Tobias Brunner [Fri, 6 Jul 2012 08:49:46 +0000 (10:49 +0200)]
Check rng return value when generating SCEP sender nonce

Tobias Brunner [Mon, 25 Jun 2012 14:06:59 +0000 (16:06 +0200)]
Check rng return value when generating OCSP nonces

Tobias Brunner [Mon, 25 Jun 2012 14:13:49 +0000 (16:13 +0200)]
Check rng return value when generating key and IV in PKCS#7 wrapper

Tobias Brunner [Mon, 25 Jun 2012 14:01:51 +0000 (16:01 +0200)]
Check rng return value when generating ME CONNECT_ID and KEY

Tobias Brunner [Mon, 25 Jun 2012 13:59:48 +0000 (15:59 +0200)]
Check rng return value when generating IKEv1 message IDs

Tobias Brunner [Fri, 6 Jul 2012 08:54:06 +0000 (10:54 +0200)]
Check rng return value when generating COOKIE2 during MOBIKE

Tobias Brunner [Mon, 25 Jun 2012 13:55:44 +0000 (15:55 +0200)]
Check rng return value when generating COOKIE secret in receiver

Tobias Brunner [Mon, 25 Jun 2012 14:00:48 +0000 (16:00 +0200)]
Check rng return value when generating fake NAT detection payloads

Tobias Brunner [Mon, 25 Jun 2012 13:54:57 +0000 (15:54 +0200)]
Check rng return value when encrypting encryption payload

Tobias Brunner [Fri, 6 Jul 2012 08:46:34 +0000 (10:46 +0200)]
Check rng return value when generating SPIs in ike_sa_manager_t

Tobias Brunner [Mon, 25 Jun 2012 14:14:30 +0000 (16:14 +0200)]
Check rng return value in crypto tester

Tobias Brunner [Mon, 25 Jun 2012 14:07:40 +0000 (16:07 +0200)]
Relay rng return value in nonce plugin

Tobias Brunner [Mon, 25 Jun 2012 11:22:54 +0000 (13:22 +0200)]
RNGs' get_bytes and allocate_bytes return boolean

Reto Buerki [Tue, 12 Jun 2012 08:54:02 +0000 (10:54 +0200)]
Nonce: Let get_nonce, allocate_nonce return boolean

Martin Willi [Fri, 6 Jul 2012 09:57:01 +0000 (11:57 +0200)]
Add a return value to prf_t.set_key()

Martin Willi [Fri, 6 Jul 2012 09:28:27 +0000 (11:28 +0200)]
Add a return value to prf_t.allocate_bytes()

Martin Willi [Fri, 6 Jul 2012 09:16:49 +0000 (11:16 +0200)]
Use a bool return value in keymat_v1_t.get_hash_phase2()

Martin Willi [Fri, 6 Jul 2012 09:07:39 +0000 (11:07 +0200)]
Add a return value to keymat_v1_t.get_hash()

Martin Willi [Fri, 6 Jul 2012 08:58:19 +0000 (10:58 +0200)]
Add a return value to keymat_v2_t.get_auth_octets()

Martin Willi [Fri, 6 Jul 2012 08:47:20 +0000 (10:47 +0200)]
Add a return value to keymat_v2_t.get_psk_sig()

Martin Willi [Fri, 6 Jul 2012 08:14:29 +0000 (10:14 +0200)]
Add a return value to prf_t.get_bytes()

Martin Willi [Fri, 6 Jul 2012 07:49:25 +0000 (09:49 +0200)]
Add a return value to tls_prf_t.set_key()

Martin Willi [Fri, 6 Jul 2012 07:49:16 +0000 (09:49 +0200)]
Add a return value to tls_prf_t.get_bytes()

Martin Willi [Fri, 6 Jul 2012 06:43:58 +0000 (08:43 +0200)]
prf_plus_create() can return NULL on failure

Martin Willi [Fri, 6 Jul 2012 06:39:15 +0000 (08:39 +0200)]
Add a return value to prf_plus_t.get_bytes()

Martin Willi [Fri, 6 Jul 2012 06:24:24 +0000 (08:24 +0200)]
Add a return value to prf_plus_t.allocate_bytes()

Martin Willi [Fri, 6 Jul 2012 07:33:10 +0000 (09:33 +0200)]
Add a return value to signer_t.set_key()

Martin Willi [Fri, 6 Jul 2012 07:28:25 +0000 (09:28 +0200)]
Add a return value to tls_crypto_t.derive_secrets()

Martin Willi [Fri, 6 Jul 2012 06:57:18 +0000 (08:57 +0200)]
Add a return value to simaka_crypto_t.derive_keys_*()

Martin Willi [Thu, 5 Jul 2012 16:21:58 +0000 (18:21 +0200)]
Add a return value to signer_t.get_signature()

Martin Willi [Thu, 5 Jul 2012 16:11:26 +0000 (18:11 +0200)]
Add a return value to radius_message_t.sign()

Martin Willi [Thu, 5 Jul 2012 16:04:41 +0000 (18:04 +0200)]
Add a return value to simaka_message_t.generate()

Martin Willi [Thu, 5 Jul 2012 15:26:12 +0000 (17:26 +0200)]
Add a return value to signer_t.allocate_signature()

Martin Willi [Thu, 5 Jul 2012 15:19:23 +0000 (17:19 +0200)]
Add a return value to aead_t.set_key()

Martin Willi [Thu, 5 Jul 2012 15:10:17 +0000 (17:10 +0200)]
Add a return value to aead_t.encrypt()

Andreas Steffen [Mon, 16 Jul 2012 07:53:32 +0000 (09:53 +0200)]
ipsec attest now can measure all files in a directory

Andreas Steffen [Fri, 13 Jul 2012 20:15:13 +0000 (22:15 +0200)]
moved listing of file measurements to pts_file_meas

Andreas Steffen [Fri, 13 Jul 2012 19:25:43 +0000 (21:25 +0200)]
moved to debug level 3

Tobias Brunner [Sat, 14 Jul 2012 09:43:40 +0000 (11:43 +0200)]
Compilation error fixed if dladdr is not available

Martin Willi [Fri, 13 Jul 2012 13:42:14 +0000 (15:42 +0200)]
Don't modify the message string passed to logger, as it gets reused

Andreas Steffen [Fri, 13 Jul 2012 12:46:36 +0000 (14:46 +0200)]
transfer IMA file measurements via PA-TNC

Andreas Steffen [Fri, 13 Jul 2012 10:13:48 +0000 (12:13 +0200)]
some more copyright updates

Martin Willi [Fri, 13 Jul 2012 11:43:38 +0000 (13:43 +0200)]
Invoke autoheader after libtool/aclocal to work on up-to-date data

Martin Willi [Fri, 13 Jul 2012 11:43:16 +0000 (13:43 +0200)]
Silence cast warning on 32-bit platforms

Martin Willi [Fri, 13 Jul 2012 11:42:31 +0000 (13:42 +0200)]
Don't set BFD_DECOMPRESS when building against older binutils

Martin Willi [Fri, 13 Jul 2012 11:21:07 +0000 (13:21 +0200)]
Log to a malloc()ed buffer if the on-stack buffer is not large enough

Martin Willi [Fri, 13 Jul 2012 10:12:24 +0000 (12:12 +0200)]
Append directly to base string in vstr printf hooks

Martin Willi [Fri, 13 Jul 2012 09:46:39 +0000 (11:46 +0200)]
Write directly to FILE stream in glibc printf hooks

Martin Willi [Fri, 13 Jul 2012 09:38:29 +0000 (11:38 +0200)]
Pass opaque data to printf hooks and print_in_hook()

Martin Willi [Thu, 12 Jul 2012 07:27:20 +0000 (09:27 +0200)]
Increase leak detective backtrace depth by a frame

Martin Willi [Thu, 12 Jul 2012 07:26:33 +0000 (09:26 +0200)]
Don't access tail magic when reallocating invalid memory, as it would crash

Martin Willi [Wed, 11 Jul 2012 15:37:09 +0000 (17:37 +0200)]
With --enable-bfd-backtraces, use binutils libbfd to resolve backtraces

The invocation of addr2line to resolve backtrace source locations
is slow and cumbersome. When using libbfd directly, we can eliminate
the overhead of the process invocation. Even better, we can cache
library symbol names, bringing wicked fast lookups. As a neat bonus,
we can resolve static function names.

Martin Willi [Wed, 11 Jul 2012 15:08:30 +0000 (17:08 +0200)]
Add an external method to disable leak detective temporarily

Tobias Brunner [Fri, 13 Jul 2012 09:13:43 +0000 (11:13 +0200)]
Simplify NAT-D payload creation if UDP encapsulation is forced

We don't need any address lookups in that case as the content of the
payload is generated randomly anyway.

Andreas Steffen [Fri, 13 Jul 2012 09:02:23 +0000 (11:02 +0200)]
added PA-TNC max_msg_len option to man page

Andreas Steffen [Fri, 13 Jul 2012 08:42:40 +0000 (10:42 +0200)]
updated Copyright info

Andreas Steffen [Fri, 13 Jul 2012 08:06:43 +0000 (10:06 +0200)]
wait for the finalization of the Functional Component measurements

Andreas Steffen [Thu, 12 Jul 2012 20:18:24 +0000 (22:18 +0200)]
restrict PA-TNC message size only if upper limit is defined

Andreas Steffen [Thu, 12 Jul 2012 19:19:55 +0000 (21:19 +0200)]
a curly bracket got lost

Andreas Steffen [Thu, 12 Jul 2012 19:17:28 +0000 (21:17 +0200)]
destroy oversized attributes

Andreas Steffen [Thu, 12 Jul 2012 19:14:21 +0000 (21:14 +0200)]
prevent endless loop with oversize attributes

Andreas Steffen [Thu, 12 Jul 2012 18:01:32 +0000 (20:01 +0200)]
restrict PA-TNC messages to maximum size

Andreas Steffen [Thu, 12 Jul 2012 11:39:27 +0000 (13:39 +0200)]
refactored PA-TNC attribute error handling

Andreas Steffen [Thu, 12 Jul 2012 11:38:44 +0000 (13:38 +0200)]
fixed memory leak in the IETF standard error handling

Andreas Steffen [Thu, 12 Jul 2012 10:49:49 +0000 (12:49 +0200)]
static upper size limit for PA-TNC messages

Tobias Brunner [Thu, 12 Jul 2012 14:58:00 +0000 (16:58 +0200)]
Avoid that any % characters (e.g. in %any) are evaluated when logging via stroke

Tobias Brunner [Thu, 12 Jul 2012 14:52:01 +0000 (16:52 +0200)]
Added PLUGIN_NOOP to separate PLUGIN_PROVIDE from previous CALLBACK/REGISTER entries

Tobias Brunner [Thu, 12 Jul 2012 07:56:44 +0000 (09:56 +0200)]
Android.mk of libstrongswan adapted to config.h changes

Tobias Brunner [Thu, 12 Jul 2012 07:34:56 +0000 (09:34 +0200)]
Properly cleanup thread-local values for the threads destroying thread_value_t objects

Martin Willi [Thu, 12 Jul 2012 06:39:54 +0000 (08:39 +0200)]
Set a sane default if --with-dev-headers is given without path

Andreas Steffen [Wed, 11 Jul 2012 22:03:24 +0000 (00:03 +0200)]
fixed a memory leak in imc|imv_agent

Andreas Steffen [Wed, 11 Jul 2012 21:34:51 +0000 (23:34 +0200)]
imc/imv->send_message() uses attr_list

Andreas Steffen [Wed, 11 Jul 2012 21:15:44 +0000 (23:15 +0200)]
removed unused variables

Andreas Steffen [Wed, 11 Jul 2012 21:13:55 +0000 (23:13 +0200)]
fixed libstrongswan/Makefile.am

Martin Willi [Wed, 11 Jul 2012 16:06:37 +0000 (18:06 +0200)]
Use "-include config.h" when building ruby dumm extension

Andreas Steffen [Wed, 11 Jul 2012 15:46:45 +0000 (17:46 +0200)]
version bump to 5.0.1dr1

Andreas Steffen [Wed, 11 Jul 2012 11:13:12 +0000 (13:13 +0200)]
fixed logging of unsupported TNCCS version

Andreas Steffen [Wed, 11 Jul 2012 11:06:36 +0000 (13:06 +0200)]
PB-TNC Client sends empty CLOSE batch only in DECIDED state

Andreas Steffen [Wed, 11 Jul 2012 11:02:19 +0000 (13:02 +0200)]
have_recommendation() accepts NULL arguments

Andreas Steffen [Wed, 11 Jul 2012 10:21:29 +0000 (12:21 +0200)]
send empty SDATA batch if no recommendation is available yet, but in order to avoid loops only if no empty CDATA batch was received

Andreas Steffen [Wed, 11 Jul 2012 08:00:48 +0000 (10:00 +0200)]
moved batch size calculation into pb_tnc_batch_t

Andreas Steffen [Wed, 11 Jul 2012 07:23:45 +0000 (09:23 +0200)]
make maximum PB-TNC batch size configurable

Andreas Steffen [Tue, 10 Jul 2012 20:51:49 +0000 (22:51 +0200)]
limit the size of a PB-TNC batch to the maximum EAP-TNC packet size

Andreas Steffen [Mon, 9 Jul 2012 22:23:14 +0000 (00:23 +0200)]
remove pluto logging

Andreas Steffen [Mon, 9 Jul 2012 20:08:04 +0000 (22:08 +0200)]
eliminate message length field in EAP-TNC

Andreas Steffen [Mon, 9 Jul 2012 19:04:13 +0000 (21:04 +0200)]
added charon.plugins.eap-tnc.protocol option

Andreas Steffen [Mon, 9 Jul 2012 18:58:51 +0000 (20:58 +0200)]
due to single fragment, total length does not have to be included

Andreas Steffen [Mon, 9 Jul 2012 18:56:19 +0000 (20:56 +0200)]
EAP-TNC does not support fragmentation