strongswan.git
Martin Willi [Wed, 19 Mar 2008 14:02:52 +0000 (14:02 -0000)]
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
as it requires to XOR the key into the hasher's state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.

Andreas Steffen [Wed, 19 Mar 2008 13:11:29 +0000 (13:11 -0000)]
log nextUpdate of crls and ocsp responses

Andreas Steffen [Wed, 19 Mar 2008 12:36:15 +0000 (12:36 -0000)]
fixed stupid bug in fetch_ocsp()

Andreas Steffen [Wed, 19 Mar 2008 12:06:38 +0000 (12:06 -0000)]
attempt to achieve consistent debugging output

Martin Willi [Wed, 19 Mar 2008 10:24:51 +0000 (10:24 -0000)]
fixed shared key lookup in stroke

Martin Willi [Wed, 19 Mar 2008 10:08:59 +0000 (10:08 -0000)]
fixed peer_cfg lookup when omitting IDr

Martin Willi [Wed, 19 Mar 2008 09:44:47 +0000 (09:44 -0000)]
fixed CRL check return value on revoked certificates
fixed possible refcounting bugs
generic return_null() implementation

Martin Willi [Tue, 18 Mar 2008 14:06:11 +0000 (14:06 -0000)]
fixed compiler warning

Martin Willi [Tue, 18 Mar 2008 12:45:23 +0000 (12:45 -0000)]
added generic payload order rules for notifies

Martin Willi [Tue, 18 Mar 2008 12:40:41 +0000 (12:40 -0000)]
fixed ike_cfg lookup in stroke

Martin Willi [Tue, 18 Mar 2008 12:25:39 +0000 (12:25 -0000)]
added false positive signature check

Martin Willi [Tue, 18 Mar 2008 12:16:36 +0000 (12:16 -0000)]
added missing test case file ([3607])

Martin Willi [Tue, 18 Mar 2008 12:13:51 +0000 (12:13 -0000)]
creating public key from RSA private key
RSA key generation and signature test

Andreas Steffen [Tue, 18 Mar 2008 10:36:08 +0000 (10:36 -0000)]
made is_newer() a certificate_t method

Martin Willi [Tue, 18 Mar 2008 09:07:04 +0000 (09:07 -0000)]
better normalized tables for SQL plugin (IDs)

Martin Willi [Mon, 17 Mar 2008 08:06:49 +0000 (08:06 -0000)]
enforcing x509_flags on certificate construction

Martin Willi [Mon, 17 Mar 2008 07:25:32 +0000 (07:25 -0000)]
fixed CRL revoked certs enumeration

Martin Willi [Sat, 15 Mar 2008 14:17:09 +0000 (14:17 -0000)]
logging to SQL database

Martin Willi [Sat, 15 Mar 2008 14:08:43 +0000 (14:08 -0000)]
correctly unregister IKE_SA at the bus

Martin Willi [Fri, 14 Mar 2008 15:11:29 +0000 (15:11 -0000)]
removed X509_PEER flag; flags are meant to read cert, not to store additional state in cert
removed x509_t.set_flags for the reason above
implemented a simple, generic shared_key_t

Martin Willi [Fri, 14 Mar 2008 15:06:42 +0000 (15:06 -0000)]
credential lookup in mysql/sqlite database

Martin Willi [Fri, 14 Mar 2008 15:04:16 +0000 (15:04 -0000)]
refactored buggy trustchain building, fixed refcount bug

Martin Willi [Fri, 14 Mar 2008 15:03:19 +0000 (15:03 -0000)]
reduced mysql pool verbosity

Martin Willi [Fri, 14 Mar 2008 07:39:01 +0000 (07:39 -0000)]
SQL schema for MySQL and SQLite, test data

Tobias Brunner [Thu, 13 Mar 2008 15:03:06 +0000 (15:03 -0000)]
two small fixes

Martin Willi [Thu, 13 Mar 2008 14:53:57 +0000 (14:53 -0000)]
fixed apidoc grouping

Martin Willi [Thu, 13 Mar 2008 14:41:27 +0000 (14:41 -0000)]
added NetworkManager prototype DBUS policy, applet config

Martin Willi [Thu, 13 Mar 2008 14:37:11 +0000 (14:37 -0000)]
added old and unmaintained prototype of NetworkManager applet and authenticator

Martin Willi [Thu, 13 Mar 2008 14:20:20 +0000 (14:20 -0000)]
reverted accidentally committed testing config

Martin Willi [Thu, 13 Mar 2008 14:14:44 +0000 (14:14 -0000)]
merged the modularization branch (credentials) back to trunk

Andreas Steffen [Sat, 1 Mar 2008 10:25:52 +0000 (10:25 -0000)]
activated svn:keywords on all UML scripts

Andreas Steffen [Fri, 29 Feb 2008 20:17:28 +0000 (20:17 -0000)]
support of gnome-terminal in UML testing

Andreas Steffen [Fri, 29 Feb 2008 17:00:07 +0000 (17:00 -0000)]
take down eth1 interface on alice via ssh

Andreas Steffen [Fri, 29 Feb 2008 15:52:25 +0000 (15:52 -0000)]
added sleep due to new scheduler in 2.6.24 kernel

Andreas Steffen [Fri, 29 Feb 2008 15:51:16 +0000 (15:51 -0000)]
version bumps

Andreas Steffen [Wed, 27 Feb 2008 20:30:39 +0000 (20:30 -0000)]
improved P2P_NAT debugging

Martin Willi [Fri, 22 Feb 2008 14:50:38 +0000 (14:50 -0000)]
creating sysconfdir if it does not exist
moved all directory creations into starter's Makefile

Andreas Steffen [Fri, 15 Feb 2008 18:44:29 +0000 (18:44 -0000)]
version bump to 4.2.0

12 years ago: release of 4.1.11 bug fix version (ref: 4.1.11)
Andreas Steffen [Thu, 14 Feb 2008 21:26:21 +0000 (21:26 -0000)]
release of 4.1.11 bug fix version

Andreas Steffen [Thu, 14 Feb 2008 21:25:38 +0000 (21:25 -0000)]
added support of --enable-eap-sim

Andreas Steffen [Thu, 14 Feb 2008 21:24:54 +0000 (21:24 -0000)]
disable eth1 interface of UML host alice after booting

Andreas Steffen [Thu, 14 Feb 2008 21:23:48 +0000 (21:23 -0000)]
added sleep 1 to ikev1/xauth-rsa-nosecret scenario

Tobias Brunner [Thu, 14 Feb 2008 13:42:36 +0000 (13:42 -0000)]
refactored connect_manager_t to use the find functions on linked lists

Tobias Brunner [Thu, 14 Feb 2008 12:29:29 +0000 (12:29 -0000)]
find methods for linked lists

Andreas Steffen [Tue, 5 Feb 2008 19:27:05 +0000 (19:27 -0000)]
some websites append a newline character to a DER-encoded binary blob

Martin Willi [Tue, 5 Feb 2008 12:39:30 +0000 (12:39 -0000)]
split connections with different virtual IPs in different peer_cfgs
respect different peer_cfg's when initiating a CHILD_SA within an existing IKE_SA

Tobias Brunner [Tue, 5 Feb 2008 09:31:21 +0000 (09:31 -0000)]
 * replaced __thread with pthread_key_t/pthread_setspecific
 * use pthread_once to initialize the request handler

Andreas Steffen [Mon, 4 Feb 2008 20:55:57 +0000 (20:55 -0000)]
EAP-SIM server and client test module added

Andreas Steffen [Mon, 4 Feb 2008 14:52:06 +0000 (14:52 -0000)]
implemented IKEV2 EAP-SIM server and client test module that use triplets stored in a file. For details see the scenario 'ikev2/rw-eap-sim-rsa'

Andreas Steffen [Mon, 4 Feb 2008 14:46:43 +0000 (14:46 -0000)]
use the new options_t class

Andreas Steffen [Mon, 4 Feb 2008 14:45:50 +0000 (14:45 -0000)]
fixed tabs

Andreas Steffen [Mon, 4 Feb 2008 14:44:14 +0000 (14:44 -0000)]
refactored optionsfrom as in an object-oriented way using the options_t class. Eliminated all memory leaks

Martin Willi [Mon, 4 Feb 2008 11:43:10 +0000 (11:43 -0000)]
use identifiers in EAP_SUCCESS/EAP_FAILURE payloads

Andreas Steffen [Sat, 2 Feb 2008 00:29:03 +0000 (00:29 -0000)]
parse signedData object with empty content

Andreas Steffen [Fri, 1 Feb 2008 22:26:01 +0000 (22:26 -0000)]
build_signedData() now computes messageDigest attribute

Andreas Steffen [Fri, 1 Feb 2008 22:24:51 +0000 (22:24 -0000)]
added set_messageDigest() and get_messageDigest() methods

Andreas Steffen [Fri, 1 Feb 2008 14:19:26 +0000 (14:19 -0000)]
extended and debugged PKCS#7 signedData support

Andreas Steffen [Fri, 1 Feb 2008 10:40:03 +0000 (10:40 -0000)]
added S/MIME capabilities OID

Andreas Steffen [Fri, 1 Feb 2008 01:01:17 +0000 (01:01 -0000)]
changed tabs to 4 spaces

Andreas Steffen [Fri, 1 Feb 2008 00:15:27 +0000 (00:15 -0000)]
two bug fixes

Andreas Steffen [Fri, 1 Feb 2008 00:07:56 +0000 (00:07 -0000)]
next_payload must be of type u_int8_t

Andreas Steffen [Tue, 29 Jan 2008 01:41:47 +0000 (01:41 -0000)]
NAT-T conditions were not inherited during IKE_SA rekeying

Andreas Steffen [Sun, 27 Jan 2008 20:59:22 +0000 (20:59 -0000)]
fixed comment

Andreas Steffen [Sun, 27 Jan 2008 20:58:52 +0000 (20:58 -0000)]
implemented pkcs1_encrypt()

Andreas Steffen [Sun, 27 Jan 2008 20:17:15 +0000 (20:17 -0000)]
fixed padding bug in RSA_encrypt()

Andreas Steffen [Tue, 22 Jan 2008 10:52:26 +0000 (10:52 -0000)]
added RCSID

Andreas Steffen [Tue, 22 Jan 2008 10:52:03 +0000 (10:52 -0000)]
added md2WithRSA algorithm identifier

Andreas Steffen [Tue, 22 Jan 2008 10:34:44 +0000 (10:34 -0000)]
extended asn1_algorithmIdentifier() to SHA-2

Andreas Steffen [Tue, 22 Jan 2008 10:32:37 +0000 (10:32 -0000)]
extended asn1_algorithmIdentifier() to SHA-2

Andreas Steffen [Tue, 22 Jan 2008 01:32:12 +0000 (01:32 -0000)]
x509_t.build_encoding() now supports any hash algorithm

Andreas Steffen [Tue, 22 Jan 2008 01:09:19 +0000 (01:09 -0000)]
fully implemented x509_create()

Andreas Steffen [Mon, 21 Jan 2008 22:56:58 +0000 (22:56 -0000)]
fixed destruction of generalNames linked list

Andreas Steffen [Mon, 21 Jan 2008 10:00:13 +0000 (10:00 -0000)]
fixed parsing and building of generalNames

Andreas Steffen [Mon, 21 Jan 2008 00:36:38 +0000 (00:36 -0000)]
implemented rsa_private_key_t.get_public_key()

Andreas Steffen [Mon, 21 Jan 2008 00:34:41 +0000 (00:34 -0000)]
added rsa_public_key_create(mpz_t n, mpz_t e)

Andreas Steffen [Mon, 21 Jan 2008 00:30:26 +0000 (00:30 -0000)]
added notBefore and notAfter to x509_create()

Andreas Steffen [Sun, 20 Jan 2008 17:57:38 +0000 (17:57 -0000)]
added --with-plugindir option

Martin Willi [Thu, 3 Jan 2008 10:42:21 +0000 (10:42 -0000)]
added missing hasher include

Andreas Steffen [Mon, 24 Dec 2007 18:07:55 +0000 (18:07 -0000)]
version bump to 4.2.0

Andreas Steffen [Wed, 19 Dec 2007 21:02:15 +0000 (21:02 -0000)]
add ip xfrm state test for ikev1 transport mode

Andreas Steffen [Wed, 19 Dec 2007 21:01:19 +0000 (21:01 -0000)]
version bumps

12 years ago: include pipe-thin-green icons in distribution (ref: 4.1.10)
Andreas Steffen [Wed, 19 Dec 2007 21:00:52 +0000 (21:00 -0000)]
include pipe-thin-green icons in distribution

Andreas Steffen [Wed, 19 Dec 2007 20:59:54 +0000 (20:59 -0000)]
added a-v-m-c-w-med.png topology graph

Andreas Steffen [Wed, 19 Dec 2007 17:55:08 +0000 (17:55 -0000)]
added behind-same-nat p2p scenario

Andreas Steffen [Wed, 19 Dec 2007 00:49:32 +0000 (00:49 -0000)]
set nexthop default value to 0::0 in IPv6 connections

Andreas Steffen [Wed, 19 Dec 2007 00:47:56 +0000 (00:47 -0000)]
set --enable-eap-aka in UML scenarios

Andreas Steffen [Wed, 19 Dec 2007 00:47:21 +0000 (00:47 -0000)]
check ip xfrm state in IKEv1 and IKEv2 transport mode scenarios

Andreas Steffen [Wed, 19 Dec 2007 00:45:26 +0000 (00:45 -0000)]
added ipv6 transport mode scenarios for IKEv1 and IKEv2

Andreas Steffen [Wed, 19 Dec 2007 00:11:20 +0000 (00:11 -0000)]
updated rw-eap-aka-rsa scenario

Andreas Steffen [Tue, 18 Dec 2007 15:41:37 +0000 (15:41 -0000)]
make config view in strongSwan manager look similar to ikesa view

Martin Willi [Tue, 18 Dec 2007 10:44:44 +0000 (10:44 -0000)]
fixed EAP-MD5 to accept Name attribute in challenge

Martin Willi [Thu, 13 Dec 2007 17:52:49 +0000 (17:52 -0000)]
updated NEWS

Martin Willi [Thu, 13 Dec 2007 17:31:21 +0000 (17:31 -0000)]
implemented Expanded EAP types to support vendor specific methods

Martin Willi [Thu, 13 Dec 2007 14:39:38 +0000 (14:39 -0000)]
fixed actual ID length when AT_IDENTITY gets padded

Martin Willi [Thu, 13 Dec 2007 10:54:29 +0000 (10:54 -0000)]
ported EAP-AKA branch into trunk

Andreas Steffen [Wed, 12 Dec 2007 22:27:40 +0000 (22:27 -0000)]
sbindir is required in the PATH of ipsec

Andreas Steffen [Wed, 12 Dec 2007 22:12:10 +0000 (22:12 -0000)]
sbindir is required in the PATH of _updown

Andreas Steffen [Wed, 12 Dec 2007 21:03:17 +0000 (21:03 -0000)]
added ocsp cache bug fix to NEWS

Andreas Steffen [Wed, 12 Dec 2007 20:25:50 +0000 (20:25 -0000)]
fixed error in the ordering of the certinfo_t records in the ocsp cache that caused multiple entries of the same serial number to be created. This was caused by the iterator_t method insert_after() that inserts a record in the first instead of the last position of a linked list if the end of the list is reached. Fix: use linked_list_t method insert_last() instead.

Andreas Steffen [Wed, 12 Dec 2007 14:56:35 +0000 (14:56 -0000)]
define a minimum PATH environment