strongswan.git
Martin Willi [Mon, 24 Aug 2009 12:20:59 +0000 (14:20 +0200)]
updated stroke plugin to fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:20:29 +0000 (14:20 +0200)]
updated charon to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:19:51 +0000 (14:19 +0200)]
updated pluto to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:19:16 +0000 (14:19 +0200)]
updated scepclient to new encoding API

Martin Willi [Mon, 24 Aug 2009 12:15:03 +0000 (14:15 +0200)]
updated pubkey plugin to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:11:44 +0000 (14:11 +0200)]
updated x509 plugin to public key/x509 API changes

Martin Willi [Mon, 24 Aug 2009 12:10:26 +0000 (14:10 +0200)]
updated x509/CRL/AC API to align with public key, authKeyIdentifier is a chunk

Martin Willi [Mon, 24 Aug 2009 12:09:18 +0000 (14:09 +0200)]
updated openssl plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:07:32 +0000 (14:07 +0200)]
updated gcrypt plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:06:41 +0000 (14:06 +0200)]
updated gmp plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:04:23 +0000 (14:04 +0200)]
changed get_id/get_encoding API of private/public key to use new encoding framework

Martin Willi [Mon, 24 Aug 2009 12:21:38 +0000 (14:21 +0200)]
removed obsolete fingerprint identification types

Martin Willi [Mon, 24 Aug 2009 12:00:43 +0000 (14:00 +0200)]
added generic implementation helpers for private_key_t.equals/belongs_to, public_key_t.equals

Martin Willi [Mon, 24 Aug 2009 09:12:07 +0000 (11:12 +0200)]
added a separate cache lookup, as encode() requires arguments expensive to build

Martin Willi [Fri, 21 Aug 2009 11:53:19 +0000 (13:53 +0200)]
use credential builder API to parse trusted public keys

Martin Willi [Wed, 19 Aug 2009 14:26:29 +0000 (16:26 +0200)]
implemented PGP fingerprinting

Martin Willi [Wed, 19 Aug 2009 14:10:08 +0000 (16:10 +0200)]
implemented pkcs1 private/public key encoding and fingerprinting

Martin Willi [Wed, 19 Aug 2009 14:02:20 +0000 (16:02 +0200)]
chunk_cat/cata/create_cat/length accept the sensitive data clearing mode 's'

Martin Willi [Wed, 19 Aug 2009 14:00:48 +0000 (16:00 +0200)]
in addition to 'm'/'c' mode, asn1_wrap accepts a 's' mode clearing sensitive information

Martin Willi [Tue, 18 Aug 2009 15:48:34 +0000 (17:48 +0200)]
added a facility to hand out fingerprinting/key encoding to the pkcs1/pgp/... plugins

Martin Willi [Tue, 18 Aug 2009 07:58:12 +0000 (09:58 +0200)]
gmp uses component builder to build public- from private-key

Martin Willi [Tue, 18 Aug 2009 07:47:41 +0000 (09:47 +0200)]
gcrypt uses component builder to build public- from private-key

Martin Willi [Mon, 17 Aug 2009 13:56:08 +0000 (15:56 +0200)]
moved PGP code to pluto and gpg plugin

Martin Willi [Mon, 17 Aug 2009 12:58:42 +0000 (14:58 +0200)]
gmp plugin makes use of pkcs1/pgp/dnskey plugins

Martin Willi [Mon, 17 Aug 2009 13:30:20 +0000 (15:30 +0200)]
enforce RSA_PRIME1 > RSA_PRIME2 (p > q) in PGP

Martin Willi [Mon, 17 Aug 2009 12:45:52 +0000 (14:45 +0200)]
implemented RFC3110 key builder in a plugin, added generic DNSKEY RR parsing

Martin Willi [Mon, 17 Aug 2009 12:11:39 +0000 (14:11 +0200)]
renamed BUILD_BLOB_RFC_3110 to BUILD_BLOB_DNSKEY, we potentially support other key types

Martin Willi [Mon, 17 Aug 2009 11:48:50 +0000 (13:48 +0200)]
pluto uses KEY_ANY builder to parse PGP public keys

Martin Willi [Mon, 17 Aug 2009 11:46:04 +0000 (13:46 +0200)]
implemented a pgp plugin providing PGP key parsing builders

Martin Willi [Fri, 14 Aug 2009 15:21:03 +0000 (17:21 +0200)]
make use of the pkcs1 plugin in gcrypt rsa key parsing

Martin Willi [Fri, 14 Aug 2009 14:51:12 +0000 (16:51 +0200)]
removed subjectPublicKeyInfo parsing, provided by pkcs1 plugin

Martin Willi [Fri, 14 Aug 2009 14:48:40 +0000 (16:48 +0200)]
implemented a pkcs1 plugin providing PKCS#1 key parsing builders

Martin Willi [Fri, 14 Aug 2009 13:01:35 +0000 (15:01 +0200)]
added support for %prompt-ing private key passphrases in strokes "ipsec secrets"

Martin Willi [Fri, 14 Aug 2009 11:19:47 +0000 (13:19 +0200)]
show more information if building a credential fails

Martin Willi [Thu, 13 Aug 2009 15:14:41 +0000 (17:14 +0200)]
log loaded private key/certificates

Martin Willi [Thu, 13 Aug 2009 14:47:57 +0000 (16:47 +0200)]
added getnetbyname/gethostbyname2 to leak detective whitelist, used by pluto

Martin Willi [Thu, 13 Aug 2009 14:47:27 +0000 (16:47 +0200)]
clone blobs passed to parse functions, check before free

Martin Willi [Thu, 13 Aug 2009 14:05:06 +0000 (16:05 +0200)]
fixed builder signature

Martin Willi [Thu, 13 Aug 2009 14:04:45 +0000 (16:04 +0200)]
do not enumerate builders returning NULL

Martin Willi [Thu, 13 Aug 2009 13:39:29 +0000 (15:39 +0200)]
updated pubkey_speed test to use pem plugin

Martin Willi [Thu, 13 Aug 2009 13:05:14 +0000 (15:05 +0200)]
handle pluto specific certificates under CRED_CERTIFICATE, not as own credential kind

Martin Willi [Thu, 13 Aug 2009 12:18:58 +0000 (14:18 +0200)]
unified pluto builder implementations

Martin Willi [Thu, 13 Aug 2009 11:47:31 +0000 (13:47 +0200)]
removed obsolete PEM code in pluto/libstrongswan

Martin Willi [Thu, 13 Aug 2009 11:37:14 +0000 (13:37 +0200)]
use credential builder to build crls

Martin Willi [Thu, 13 Aug 2009 09:15:31 +0000 (11:15 +0200)]
use credential builder to build attribute certificates

Martin Willi [Thu, 13 Aug 2009 08:48:22 +0000 (10:48 +0200)]
moved builder hooks to a separate file

Martin Willi [Wed, 12 Aug 2009 15:27:15 +0000 (17:27 +0200)]
use a pluto specific credential builder to build pluto cert_t's

Martin Willi [Wed, 12 Aug 2009 14:14:26 +0000 (16:14 +0200)]
removed obsolete pgp private key parsing, done by libstrongswan

Martin Willi [Wed, 12 Aug 2009 14:13:18 +0000 (16:13 +0200)]
use libstrongswan for private key loading, whack callback to read passphrase

Martin Willi [Wed, 12 Aug 2009 13:34:14 +0000 (15:34 +0200)]
pass along X509 flags when loading PEM encoded data

Martin Willi [Wed, 12 Aug 2009 12:40:16 +0000 (14:40 +0200)]
make use of the pem helper plugin to load credentials

Martin Willi [Wed, 12 Aug 2009 11:26:02 +0000 (13:26 +0200)]
added file loading support to pem plugin, using mmap()

Martin Willi [Tue, 11 Aug 2009 14:24:01 +0000 (16:24 +0200)]
moved PEM parsing functionality to its own plugin

Andreas Steffen [Tue, 25 Aug 2009 19:09:54 +0000 (21:09 +0200)]
make boolean expression less enigmatic

Martin Willi [Tue, 25 Aug 2009 17:57:36 +0000 (19:57 +0200)]
set stroke connection flags to a clear TRUE/FALSE

Martin Willi [Tue, 25 Aug 2009 16:15:25 +0000 (18:15 +0200)]
disable lifetimes of allocated SPIs

The default lifetime of 30 seconds is too short, as a tunnel
setup may need several minutes if we have high packet loss. Instead
of increasing the value, we disable lifetimes completely, as we handle
the removal of such SAs from userland just fine.

Martin Willi [Tue, 25 Aug 2009 16:12:55 +0000 (18:12 +0200)]
remove incomplete SAs with PROTO_ESP

Martin Willi [Fri, 21 Aug 2009 08:52:39 +0000 (10:52 +0200)]
added URL for git repository served over git:// protocol

Andreas Steffen [Tue, 18 Aug 2009 16:35:37 +0000 (18:35 +0200)]
version bump to 4.3.5

Andreas Steffen [Tue, 18 Aug 2009 16:24:26 +0000 (18:24 +0200)]
pruned OID tree

Andreas Steffen [Tue, 18 Aug 2009 15:52:00 +0000 (17:52 +0200)]
fixed wrong emailAddress OID introduced by revision c31687da

11 years ago Fixing address resolution via getaddrinfo in libfreeswan. 4.3.4
Tobias Brunner [Tue, 18 Aug 2009 10:30:11 +0000 (12:30 +0200)]
Fixing address resolution via getaddrinfo in libfreeswan.

Andreas Steffen [Mon, 17 Aug 2009 13:46:56 +0000 (15:46 +0200)]
check integrity of pool code file

Andreas Steffen [Mon, 17 Aug 2009 12:25:18 +0000 (14:25 +0200)]
integrity test of openac and scepclient code files

Andreas Steffen [Mon, 17 Aug 2009 11:47:28 +0000 (13:47 +0200)]
NEWS for 4.3.4

Andreas Steffen [Mon, 17 Aug 2009 08:54:34 +0000 (10:54 +0200)]
reinitialize print arguments

Andreas Steffen [Fri, 14 Aug 2009 20:13:51 +0000 (22:13 +0200)]
check success of library_init()

Tobias Brunner [Fri, 14 Aug 2009 13:47:04 +0000 (15:47 +0200)]
Replacing gethostbyname, gethostbyname2 and their _r variants with getaddrinfo to increase portability.

Tobias Brunner [Fri, 14 Aug 2009 12:42:03 +0000 (14:42 +0200)]
OpenSolaris needs libsocket and libnsl for socket().

Tobias Brunner [Fri, 14 Aug 2009 12:32:18 +0000 (14:32 +0200)]
Enable CMSG headers and macros on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 12:31:18 +0000 (14:31 +0200)]
Added define to get sigwait with two parameters on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 12:02:27 +0000 (14:02 +0200)]
sockio.h is required on OpenSolaris for SIOCGIFADDR.

Tobias Brunner [Fri, 14 Aug 2009 11:57:07 +0000 (13:57 +0200)]
Replaced the strange definitions of IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 11:54:53 +0000 (13:54 +0200)]
Defined some missing fixed-width int types on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 11:37:07 +0000 (13:37 +0200)]
LOG_AUTHPRIV is not defined on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 11:30:59 +0000 (13:30 +0200)]
OpenSolaris defines MUTEX_DEFAULT therefore we rename the members of the enums mutex/condvar/rwlock_type_t.

Tobias Brunner [Fri, 14 Aug 2009 11:25:22 +0000 (13:25 +0200)]
We need to include alloca.h on OpenSolaris.

Andreas Steffen [Tue, 11 Aug 2009 06:51:16 +0000 (08:51 +0200)]
fixed 4.3 refactoring error

Andreas Steffen [Mon, 10 Aug 2009 23:06:45 +0000 (01:06 +0200)]
added -module -avoid-version LDFLAGS

Andreas Steffen [Mon, 10 Aug 2009 14:30:42 +0000 (16:30 +0200)]
prepare CAMELLIA_CCM ESP encryption

Andreas Steffen [Sat, 8 Aug 2009 17:20:53 +0000 (19:20 +0200)]
add ikev1/esp-alg-aes-ctr scenario

Andreas Steffen [Sat, 8 Aug 2009 17:08:17 +0000 (19:08 +0200)]
added ikev2/esp-alg-aes-ctr scenario

Tobias Brunner [Fri, 7 Aug 2009 16:30:40 +0000 (18:30 +0200)]
FreeBSD's libc does not support backtrace(), but libexecinfo optionally replicates this function (and the other defined in execinfo.h).

Martin Willi [Fri, 7 Aug 2009 14:05:32 +0000 (16:05 +0200)]
set protocol to ESP for policies installed as a trap

Martin Willi [Thu, 6 Aug 2009 15:56:45 +0000 (17:56 +0200)]
fixed printf format for length limited string

Andreas Steffen [Fri, 7 Aug 2009 07:50:36 +0000 (09:50 +0200)]
%llu correctly prints u_int64_t

Andreas Steffen [Fri, 7 Aug 2009 06:47:07 +0000 (08:47 +0200)]
printing u_int64_t caused segfault on 32-bit platforms

Andreas Steffen [Fri, 7 Aug 2009 03:59:09 +0000 (05:59 +0200)]
do not set usetime if query_policy() fails

Tobias Brunner [Thu, 6 Aug 2009 16:22:01 +0000 (18:22 +0200)]
Use LONG_MAX instead of a hard-coded value.

Tobias Brunner [Thu, 6 Aug 2009 16:14:44 +0000 (18:14 +0200)]
FreeBSD returns the current policy use time only after specifying a hard lifetime when installing the policy.

Andreas Steffen [Thu, 6 Aug 2009 14:48:24 +0000 (16:48 +0200)]
added openssl-ikev2/alg-camellia scenario

Tobias Brunner [Thu, 6 Aug 2009 14:46:02 +0000 (16:46 +0200)]
Fixed a race condition when querying stats of a child_sa in different order.

Andreas Steffen [Thu, 6 Aug 2009 14:42:44 +0000 (16:42 +0200)]
use SS_RC_FIRST and SS_RC_LAST

Andreas Steffen [Thu, 6 Aug 2009 14:32:42 +0000 (16:32 +0200)]
abort pluto or charon if initialization fails

Tobias Brunner [Thu, 6 Aug 2009 13:14:54 +0000 (15:14 +0200)]
Don't query the policy usetime if there was no traffic on the SA.

This helps in cases where a policy is assigned to more than one SA. That
is, SAs now should have different usetimes even if they use the same policy.

Tobias Brunner [Thu, 6 Aug 2009 11:30:16 +0000 (13:30 +0200)]
Reverted the interface changes introduced in 3f720dc7.

Martin Willi [Thu, 6 Aug 2009 09:29:55 +0000 (11:29 +0200)]
added support for ipsec.secrets "include" directive

Tobias Brunner [Thu, 6 Aug 2009 08:01:59 +0000 (10:01 +0200)]
Reversed the check for udp.h, fixes compilation on Linux.

Andreas Steffen [Wed, 5 Aug 2009 20:46:53 +0000 (22:46 +0200)]
activated CAMELLIA_CBC cipher in openssl plugin

Andreas Steffen [Wed, 5 Aug 2009 20:01:13 +0000 (22:01 +0200)]
support of SHA224-based certificate signatures