strongswan.git
Tobias Brunner [Thu, 14 Apr 2011 09:26:25 +0000 (11:26 +0200)]
In scanf the maximum length of %s does not include the null-terminator.

Tobias Brunner [Thu, 14 Apr 2011 09:25:31 +0000 (11:25 +0200)]
starter_conn_t.id is an unsigned long.

Tobias Brunner [Thu, 14 Apr 2011 08:44:19 +0000 (10:44 +0200)]
Fix compiler warnings at creation of CRL cache filenames.

This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point.  But it's clearer
this way.

Tobias Brunner [Thu, 14 Apr 2011 08:24:46 +0000 (10:24 +0200)]
Fixed output in ietf_attributes_t.get_string.

Tobias Brunner [Thu, 14 Apr 2011 07:31:26 +0000 (09:31 +0200)]
Fix "set nexthop to him when instantiating rightallowyes template with leftnexthop == right"

This fixes commit 280f6b1ab2.

Andreas Steffen [Thu, 14 Apr 2011 14:54:34 +0000 (16:54 +0200)]
added TLS renegotiation_info extension

Martin Willi [Thu, 14 Apr 2011 07:12:08 +0000 (09:12 +0200)]
Show full blown traffic selector in log_ts hook

Tobias Brunner [Wed, 13 Apr 2011 16:18:03 +0000 (18:18 +0200)]
Fixed check for member of stroke_msg_t in pop_string.

Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).

Tobias Brunner [Tue, 12 Apr 2011 15:39:11 +0000 (17:39 +0200)]
pluto: Properly initialize a.continuation.

Tobias Brunner [Tue, 12 Apr 2011 15:22:50 +0000 (17:22 +0200)]
pluto: Properly initialize ta.encrypter.

Tobias Brunner [Tue, 12 Apr 2011 13:54:29 +0000 (15:54 +0200)]
pluto: Fixed off by one error when reading private keys.

Tobias Brunner [Tue, 12 Apr 2011 12:28:18 +0000 (14:28 +0200)]
Removed unused variables.

Martin Willi [Mon, 11 Apr 2011 16:56:08 +0000 (18:56 +0200)]
Fix compiler warning after fetcher_t.fetch signature change

Andreas Steffen [Mon, 11 Apr 2011 04:24:31 +0000 (06:24 +0200)]
version bump to 4.5.2dr5

Andreas Steffen [Mon, 11 Apr 2011 04:23:52 +0000 (06:23 +0200)]
updated NEWS

Martin Willi [Fri, 8 Apr 2011 12:55:46 +0000 (14:55 +0200)]
Use an IV size of zero for DES in ECB mode

Martin Willi [Fri, 8 Apr 2011 12:55:10 +0000 (14:55 +0200)]
Fixed debug statement if algorithm benchmarking enabled

Andreas Steffen [Fri, 8 Apr 2011 05:50:05 +0000 (07:50 +0200)]
with the 2.6.38 kernel alice is preferred for handling the IKE connections

Duncan Salerno [Thu, 7 Apr 2011 19:41:41 +0000 (21:41 +0200)]
fixed bit mask

Andreas Steffen [Wed, 6 Apr 2011 18:08:56 +0000 (20:08 +0200)]
added EAP-PEAP options to strongswan.conf

Andreas Steffen [Wed, 6 Apr 2011 18:07:59 +0000 (20:07 +0200)]
define MSCHAPv2 as default phase2 algorithm for EAP-PEAP

Andreas Steffen [Wed, 6 Apr 2011 17:44:58 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-mschapv2 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:44:30 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-md5 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:42:52 +0000 (19:42 +0200)]
added ikev2/rw-eap-peap-radius scenario

Andreas Steffen [Wed, 6 Apr 2011 17:39:00 +0000 (19:39 +0200)]
allow multi-pass authentication schemes as e.g. MSCHAPv2

Andreas Steffen [Wed, 6 Apr 2011 15:34:27 +0000 (17:34 +0200)]
display EAP identifiers in HEX format

Andreas Steffen [Wed, 6 Apr 2011 15:33:01 +0000 (17:33 +0200)]
no EAP identifier offset required in build() function

Andreas Steffen [Wed, 6 Apr 2011 13:47:49 +0000 (15:47 +0200)]
added missing function pointers in eap_identity_create_server()

Andreas Steffen [Wed, 6 Apr 2011 12:42:02 +0000 (14:42 +0200)]
implemented the PEAP tunneling protocol as an EAP plugin

Andreas Steffen [Wed, 6 Apr 2011 05:50:42 +0000 (07:50 +0200)]
added get|set_identifier() methods to eap_tnc_t

Andreas Steffen [Tue, 5 Apr 2011 18:53:46 +0000 (20:53 +0200)]
added EAP identifier to debug output

Andreas Steffen [Tue, 5 Apr 2011 16:35:22 +0000 (18:35 +0200)]
added get|set_identifier() methods to eap_tls_t and eap_ttls_t

Andreas Steffen [Tue, 5 Apr 2011 16:16:28 +0000 (18:16 +0200)]
added TLS_PURPOSE_EAP_PEAP

Andreas Steffen [Tue, 5 Apr 2011 16:14:58 +0000 (18:14 +0200)]
implemented get|set_identifier() for tls_eap_t

Andreas Steffen [Tue, 5 Apr 2011 16:04:45 +0000 (18:04 +0200)]
eap_packet_t definition moved to libstrongswan/eap/eap.h

Andreas Steffen [Tue, 5 Apr 2011 15:59:49 +0000 (17:59 +0200)]
added EAP PEAP and MSTLV protocols

Andreas Steffen [Tue, 5 Apr 2011 15:01:28 +0000 (17:01 +0200)]
implemented get|set_identifier() for eap_sim_t

Andreas Steffen [Tue, 5 Apr 2011 14:12:38 +0000 (16:12 +0200)]
Migrated eap_sim plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 13:57:00 +0000 (15:57 +0200)]
implemented get|set_identifier() for eap_radius_t

Andreas Steffen [Tue, 5 Apr 2011 13:45:51 +0000 (15:45 +0200)]
store EAP identifier on peer side

Andreas Steffen [Tue, 5 Apr 2011 13:38:54 +0000 (15:38 +0200)]
implemented get|set_identifier() for eap_aka_t

Martin Willi [Tue, 5 Apr 2011 13:11:17 +0000 (15:11 +0200)]
Added support for DES_ECB to af-alg, required for eap-mschapv2

Andreas Steffen [Tue, 5 Apr 2011 13:20:22 +0000 (15:20 +0200)]
Migrated eap_aka plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:47:19 +0000 (14:47 +0200)]
implemented get|set_identifier() for eap_gtc_t

Andreas Steffen [Tue, 5 Apr 2011 12:44:26 +0000 (14:44 +0200)]
Migrated eap_gtc plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:44:09 +0000 (14:44 +0200)]
implemented get|set_identifier() for eap_mschapv2_t

Andreas Steffen [Tue, 5 Apr 2011 12:23:59 +0000 (14:23 +0200)]
Migrated eap_mschapv2 plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:22:58 +0000 (14:22 +0200)]
implemented get|set_identifier() for eap_identity_t and eap_md5_t

Andreas Steffen [Tue, 5 Apr 2011 11:57:37 +0000 (13:57 +0200)]
log the EAP identifier also for vendor specific EAP methods

Andreas Steffen [Tue, 5 Apr 2011 11:54:26 +0000 (13:54 +0200)]
log the initial value of the EAP identifier

Andreas Steffen [Tue, 5 Apr 2011 11:31:32 +0000 (13:31 +0200)]
added get_identifier() and set_identifier() methods

Martin Willi [Mon, 4 Apr 2011 07:31:45 +0000 (09:31 +0200)]
Migrated eap_sim_pcsc plugin to INIT/METHOD macros

Martin Willi [Mon, 4 Apr 2011 07:21:54 +0000 (09:21 +0200)]
Slightly reformatted SIM pcsc code

Duncan Salerno [Mon, 4 Apr 2011 06:51:50 +0000 (08:51 +0200)]
Added SIM card backend based on pcsc-lite

Martin Willi [Fri, 1 Apr 2011 09:40:18 +0000 (11:40 +0200)]
Added alloc/stream options to fetcher test utility

Martin Willi [Fri, 1 Apr 2011 09:30:35 +0000 (11:30 +0200)]
Added support for FETCH_CALLBACK to soup fetcher

Martin Willi [Fri, 1 Apr 2011 09:01:42 +0000 (11:01 +0200)]
Support FETCH_CALLBACK in curl fetcher

Martin Willi [Fri, 1 Apr 2011 08:30:42 +0000 (10:30 +0200)]
Added a new FETCH_CALLBACK option to fetch data without allocation

Martin Willi [Fri, 1 Apr 2011 08:26:24 +0000 (10:26 +0200)]
Migrated fetcher_manager to INIT/METHOD macros

Andreas Steffen [Sat, 2 Apr 2011 05:46:16 +0000 (07:46 +0200)]
version bump to 4.5.2dr4

Andreas Steffen [Fri, 1 Apr 2011 17:44:25 +0000 (19:44 +0200)]
updated ikev2/rw-eap-tnc scenarios

Miklos Vajna [Mon, 28 Mar 2011 18:04:00 +0000 (20:04 +0200)]
Install systemd service file if systemd is available

Andreas Steffen [Fri, 25 Mar 2011 11:48:45 +0000 (12:48 +0100)]
log TNC PEP decision with level 0

Martin Willi [Wed, 23 Mar 2011 13:16:13 +0000 (14:16 +0100)]
Increase whitelist message identity buffer to 128 bytes

Martin Willi [Wed, 23 Mar 2011 08:28:40 +0000 (09:28 +0100)]
Fix order of PURGE_* flags to be compatible with STROKE_PURGE_* keywords

Tobias Brunner [Tue, 22 Mar 2011 18:17:51 +0000 (19:17 +0100)]
Make availability of glob(3) optional in settings_t.

If glob(3) is not available just try to open the pattern as a regular
file. The reason for this change is that glob(3) is not available on Android.

Tobias Brunner [Tue, 22 Mar 2011 18:16:19 +0000 (19:16 +0100)]
Make sure that files included in settings_t are regular files.

Tobias Brunner [Tue, 22 Mar 2011 16:37:19 +0000 (17:37 +0100)]
Define PLUGINDIR in Android.mk even though it is currently not used.

The combined plugin loader requires PLUGINDIR to be defined.

Tobias Brunner [Tue, 22 Mar 2011 16:36:23 +0000 (17:36 +0100)]
File lists in Android.mk files updated to those in the Makefiles.

Tobias Brunner [Tue, 22 Mar 2011 16:33:29 +0000 (17:33 +0100)]
Fall back to _LINUX_CAPABILITY_VERSION if no explicit version is defined.

This is the case on Android.

Andreas Steffen [Sat, 19 Mar 2011 22:23:52 +0000 (23:23 +0100)]
redirect debug output of imc/imv pairs to syslog

Andreas Steffen [Sat, 19 Mar 2011 15:48:06 +0000 (16:48 +0100)]
some changes to the ikev2/rw-eap-tnc-11|20 scenarios

Andreas Steffen [Sat, 19 Mar 2011 15:43:22 +0000 (16:43 +0100)]
TNC server did not issue a TNC_CONNECTION_STATE_HANDSHAKE NotifyConnection message

Andreas Steffen [Fri, 18 Mar 2011 08:54:59 +0000 (09:54 +0100)]
af-alg plugin does not require hmac and xcbc plugins

Andreas Steffen [Fri, 18 Mar 2011 07:01:09 +0000 (08:01 +0100)]
added duplicheck.enable and whitelist.enable options to strongswan.conf man page

Andreas Steffen [Fri, 18 Mar 2011 06:39:21 +0000 (07:39 +0100)]
added af-alg-ikev1/alg-camellia scenario

Andreas Steffen [Fri, 18 Mar 2011 06:34:48 +0000 (07:34 +0100)]
added af-alg-ikev2/alg-camellia scenario

Andreas Steffen [Thu, 17 Mar 2011 22:16:41 +0000 (23:16 +0100)]
added the af-alg-ikev1/rw-cert scenario

Andreas Steffen [Thu, 17 Mar 2011 21:55:26 +0000 (22:55 +0100)]
added the af-alg-ikev2/rw-cert scenario

Andreas Steffen [Thu, 17 Mar 2011 21:53:09 +0000 (22:53 +0100)]
build the af-alg plugin in the UML test environment

Andreas Steffen [Thu, 17 Mar 2011 21:52:04 +0000 (22:52 +0100)]
include linux/if_alg.h in the strongSwan distribution

Andreas Steffen [Thu, 17 Mar 2011 19:24:44 +0000 (20:24 +0100)]
version bump to 4.5.2dr3

Andreas Steffen [Thu, 17 Mar 2011 19:24:00 +0000 (20:24 +0100)]
added NEWS for 4.5.2dr2 release

Martin Willi [Thu, 17 Mar 2011 16:34:11 +0000 (17:34 +0100)]
Added a strongswan.conf "enabled" option for duplicheck plugin

Martin Willi [Thu, 17 Mar 2011 16:15:16 +0000 (17:15 +0100)]
Added strongswan.conf and runtime option to enable/disable whitelist plugin

Martin Willi [Tue, 15 Mar 2011 14:20:09 +0000 (15:20 +0100)]
Move establish/inherit of rekeyed IKE_SAs to delete messages

Having the inherit() function delayed to the IKE_SA establish procedure
was problematic. The task destroy function was never a good place and
results in locking/cleanup problems. After establishing the SA, it
should be really checked in ASAP to avoid any triggered DPD checks
to get lost.

Martin Willi [Tue, 15 Mar 2011 10:51:53 +0000 (11:51 +0100)]
Wrap IKE delete after rekey into rekey task for responder, too

Martin Willi [Tue, 15 Mar 2011 10:48:19 +0000 (11:48 +0100)]
Do not invoke processor restart() if not required

Doing so might result in a deadlock during shutdown if a delayed
restart is locked on the bus during the debug statement.

Martin Willi [Tue, 15 Mar 2011 10:30:02 +0000 (11:30 +0100)]
Migrated ike_rekey task to INIT/METHOD macros

Andreas Steffen [Sat, 12 Mar 2011 12:46:14 +0000 (13:46 +0100)]
fixed asn1_oid_from_string(), allowing it to handle up to 32 bit node numbers

Andreas Steffen [Fri, 11 Mar 2011 11:38:00 +0000 (12:38 +0100)]
fixed parsing of X.509 certificatePolicies

Andreas Steffen [Fri, 11 Mar 2011 10:48:46 +0000 (11:48 +0100)]
added tcg-at-tpmIdLabel OID

Andreas Steffen [Fri, 11 Mar 2011 10:48:22 +0000 (11:48 +0100)]
output unknown OIDs in dot string notation

Andreas Steffen [Fri, 11 Mar 2011 08:12:13 +0000 (09:12 +0100)]
version bump to 4.5.2dr2

Andreas Steffen [Fri, 11 Mar 2011 08:11:37 +0000 (09:11 +0100)]
added NEWS for the 4.5.2dr1 release

Andreas Steffen [Wed, 9 Mar 2011 14:35:35 +0000 (15:35 +0100)]
fixed asn1_oid_to_string() conversion

Martin Willi [Wed, 9 Mar 2011 06:52:13 +0000 (07:52 +0100)]
Use a boolean expression for refcount check, fixes refcounting if bool is a signed char

Martin Willi [Tue, 8 Mar 2011 14:02:42 +0000 (15:02 +0100)]
Migrated sim_manager to INIT/METHOD macros

Martin Willi [Tue, 8 Mar 2011 13:52:47 +0000 (14:52 +0100)]
Protect sim card/provider/hook (un-)registration with a rwlock

Martin Willi [Tue, 8 Mar 2011 13:17:53 +0000 (14:17 +0100)]
Split sim_manager.h header to sim_{card,provider,hooks}.h