strongswan.git
10 years ago added missing tfc argument to kernel_pfkey_ipsec interface
Andreas Steffen [Mon, 27 Dec 2010 04:53:36 +0000 (05:53 +0100)]
added missing tfc argument to kernel_pfkey_ipsec interface

10 years ago set tfcv3 flag TRUE in ha_dispatcher
Andreas Steffen [Sun, 26 Dec 2010 22:10:57 +0000 (23:10 +0100)]
set tfcv3 flag TRUE in ha_dispatcher

10 years ago implemented wrap around of registered IKEv1 algorithm names
Andreas Steffen [Sun, 26 Dec 2010 16:11:02 +0000 (17:11 +0100)]
implemented wrap around of registered IKEv1 algorithm names

10 years ago disable AEAD crypto algorithm if no key size is supported
Andreas Steffen [Sat, 25 Dec 2010 15:14:55 +0000 (16:14 +0100)]
disable AEAD crypto algorithm if no key size is supported

10 years ago disable crypto algorithm if no key size is supported
Andreas Steffen [Sat, 25 Dec 2010 15:11:50 +0000 (16:11 +0100)]
disable crypto algorithm if no key size is supported

10 years ago log if an AEAD algorithm does not support a given key size
Andreas Steffen [Sat, 25 Dec 2010 14:53:15 +0000 (15:53 +0100)]
log if an AEAD algorithm does not support a given key size

10 years ago log if a crypto algorithm does not support a given key size
Andreas Steffen [Sat, 25 Dec 2010 14:49:29 +0000 (15:49 +0100)]
log if a crypto algorithm does not support a given key size

10 years ago wrap list of IKEv2 algorithms after 120 characters per line
Andreas Steffen [Fri, 24 Dec 2010 16:29:51 +0000 (17:29 +0100)]
wrap list of IKEv2 algorithms after 120 characters per line

10 years ago Migrated stroke_list_t to INIT/METHOD macros
Andreas Steffen [Fri, 24 Dec 2010 13:29:09 +0000 (14:29 +0100)]
Migrated stroke_list_t to INIT/METHOD macros

10 years ago printed plugin names have a hyphen
Andreas Steffen [Fri, 24 Dec 2010 04:53:27 +0000 (05:53 +0100)]
printed plugin names have a hyphen

10 years ago Fixed public key construction from PKCS#11 private key
Martin Willi [Thu, 23 Dec 2010 09:29:01 +0000 (10:29 +0100)]
Fixed public key construction from PKCS#11 private key

10 years ago eliminated whitespace
Andreas Steffen [Tue, 21 Dec 2010 16:51:27 +0000 (17:51 +0100)]
eliminated whitespace

10 years ago Migrated child_create_t to INIT/METHOD macros
Andreas Steffen [Tue, 21 Dec 2010 16:45:10 +0000 (17:45 +0100)]
Migrated child_create_t to INIT/METHOD macros

10 years ago Added NEWS for af-alg plugin
Martin Willi [Mon, 20 Dec 2010 09:22:14 +0000 (10:22 +0100)]
Added NEWS for af-alg plugin

10 years ago Probe for supported AF_ALG algorithms, register dynamically
Martin Willi [Mon, 8 Nov 2010 13:56:23 +0000 (14:56 +0100)]
Probe for supported AF_ALG algorithms, register dynamically

10 years ago Register algorithms with dependencies only if dependency available
Martin Willi [Mon, 8 Nov 2010 13:20:15 +0000 (14:20 +0100)]
Register algorithms with dependencies only if dependency available

10 years ago Register some less common AF_ALG ciphers (cast5, serpent, twofish, blowfish)
Martin Willi [Mon, 8 Nov 2010 10:58:01 +0000 (11:58 +0100)]
Register some less common AF_ALG ciphers (cast5, serpent, twofish, blowfish)

10 years ago Implemented PRFs using AF_ALG
Martin Willi [Mon, 8 Nov 2010 10:41:01 +0000 (11:41 +0100)]
Implemented PRFs using AF_ALG

10 years ago Use the AF_ALG wrapper in hasher, crypter and signer
Martin Willi [Mon, 8 Nov 2010 10:02:35 +0000 (10:02 +0000)]
Use the AF_ALG wrapper in hasher, crypter and signer

10 years ago Use a generic AF_ALG wrapper for common operations
Martin Willi [Mon, 8 Nov 2010 09:59:54 +0000 (10:59 +0100)]
Use a generic AF_ALG wrapper for common operations

10 years ago Implemented crypter on top of AF_ALG
Martin Willi [Sat, 6 Nov 2010 10:03:12 +0000 (11:03 +0100)]
Implemented crypter on top of AF_ALG

10 years ago Implemented signer interface using AF_ALG
Martin Willi [Fri, 5 Nov 2010 20:29:43 +0000 (21:29 +0100)]
Implemented signer interface using AF_ALG

10 years ago Implemented hasher based on AF_ALG
Martin Willi [Fri, 5 Nov 2010 15:55:53 +0000 (15:55 +0000)]
Implemented hasher based on AF_ALG

10 years ago Added Linux AF_ALG header
Martin Willi [Fri, 5 Nov 2010 15:15:51 +0000 (16:15 +0100)]
Added Linux AF_ALG header

10 years ago Added plugin stub for AF_ALG
Martin Willi [Fri, 5 Nov 2010 15:15:13 +0000 (16:15 +0100)]
Added plugin stub for AF_ALG

10 years ago Added NEWS about TFC padding
Martin Willi [Mon, 20 Dec 2010 08:51:33 +0000 (09:51 +0100)]
Added NEWS about TFC padding

10 years ago Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
Martin Willi [Tue, 30 Nov 2010 18:19:56 +0000 (19:19 +0100)]
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality

10 years ago Do not use TFC padding if peer does not support ESPv3
Martin Willi [Wed, 8 Dec 2010 12:41:51 +0000 (12:41 +0000)]
Do not use TFC padding if peer does not support ESPv3

10 years ago Added a TFC padding option to child_cfg
Martin Willi [Wed, 8 Dec 2010 12:41:04 +0000 (12:41 +0000)]
Added a TFC padding option to child_cfg

10 years ago Implemented Traffic Flow Confidentiality padding in kernel_interface
Martin Willi [Tue, 30 Nov 2010 16:17:30 +0000 (16:17 +0000)]
Implemented Traffic Flow Confidentiality padding in kernel_interface

10 years ago version bump to 4.5.1dr4
Andreas Steffen [Sun, 19 Dec 2010 08:46:59 +0000 (09:46 +0100)]
version bump to 4.5.1dr4

10 years ago cast enumerated algorithm type as int
Andreas Steffen [Sat, 18 Dec 2010 19:24:53 +0000 (20:24 +0100)]
cast enumerated algorithm type as int

10 years ago updated NEWS with new ipsec listalgs feature
Andreas Steffen [Sat, 18 Dec 2010 15:44:29 +0000 (16:44 +0100)]
updated NEWS with new ipsec listalgs feature

10 years ago trace back crypto algorithms to the plugins that registered them
Andreas Steffen [Sat, 18 Dec 2010 15:31:01 +0000 (16:31 +0100)]
trace back crypto algorithms to the plugins that registered them

10 years ago Added news about changes regarding strongswan.conf.
Tobias Brunner [Fri, 17 Dec 2010 16:32:14 +0000 (17:32 +0100)]
Added news about changes regarding strongswan.conf.

10 years ago Moved "Reading values" section, typo fixed.
Tobias Brunner [Fri, 17 Dec 2010 16:31:42 +0000 (17:31 +0100)]
Moved "Reading values" section, typo fixed.

10 years ago version bump to 4.5.1dr3
Andreas Steffen [Wed, 15 Dec 2010 07:56:32 +0000 (08:56 +0100)]
version bump to 4.5.1dr3

10 years ago Install selectors on transport mode IPsec SAs.
Jiri Bohac [Mon, 13 Dec 2010 14:28:40 +0000 (15:28 +0100)]
Install selectors on transport mode IPsec SAs.

This fixes several test cases in IKEv2_Self_Test (part of the IPv6 Ready
Logo Program) which is required for USGv6 certification, namely:

  - IKEv2.EN.I.1.1.7.1, IKEv2.EN.I.1.1.7.1: Narrowing the range of members
    of the set of traffic selectors
  - IKEv2.EN.R.1.1.7.3: Narrowing multiple traffic selector

When traffic selectors of a triggered SA are narrowed by the responder, the
installed policy and the broader trap policy share the same reqid.  Without
selectors on the IPsec SA, packets matching the trap policy, but not the
narrowed policy, would incorrectly be handled by that IPsec SA.  Since only
one selector can be specified per IPsec SA, there is currently no solution
for tunnel mode SAs.

10 years ago increase sleep time in mediation scenarios
Andreas Steffen [Sun, 12 Dec 2010 20:54:44 +0000 (21:54 +0100)]
increase sleep time in mediation scenarios

10 years ago fixed bug in mem_cred.c:add_crl()
Andreas Steffen [Sun, 12 Dec 2010 20:34:27 +0000 (21:34 +0100)]
fixed bug in mem_cred.c:add_crl()

10 years ago reverted Connection ID to capital letters
Andreas Steffen [Sun, 12 Dec 2010 11:55:14 +0000 (12:55 +0100)]
reverted Connection ID to capital letters

10 years ago fixed a bug in enum_from_name() function
Andreas Steffen [Sun, 12 Dec 2010 11:54:36 +0000 (12:54 +0100)]
fixed a bug in enum_from_name() function

10 years ago reorganized ikev2/rw-eap-tnc scenarios
Andreas Steffen [Sun, 12 Dec 2010 11:51:14 +0000 (12:51 +0100)]
reorganized ikev2/rw-eap-tnc scenarios

10 years ago added the ikev2/rw-eap-tnc-20 scenario
Andreas Steffen [Sun, 12 Dec 2010 09:47:16 +0000 (10:47 +0100)]
added the ikev2/rw-eap-tnc-20 scenario

10 years ago NEWS for the 4.5.1dr2 release
Andreas Steffen [Sun, 12 Dec 2010 09:46:43 +0000 (10:46 +0100)]
NEWS for the 4.5.1dr2 release

10 years ago some more cosmetics
Andreas Steffen [Sun, 12 Dec 2010 09:19:54 +0000 (10:19 +0100)]
some more cosmetics

10 years ago final cosmetics in PB-TNC debug output
Andreas Steffen [Sun, 12 Dec 2010 09:17:43 +0000 (10:17 +0100)]
final cosmetics in PB-TNC debug output

10 years ago implemented PB-TNC message parsing checks
Andreas Steffen [Sat, 11 Dec 2010 23:42:31 +0000 (00:42 +0100)]
implemented PB-TNC message parsing checks

10 years ago some code optimizations
Andreas Steffen [Fri, 10 Dec 2010 23:52:53 +0000 (00:52 +0100)]
some code optimizations

10 years ago support handshake retry requests
Andreas Steffen [Fri, 10 Dec 2010 22:41:12 +0000 (23:41 +0100)]
support handshake retry requests

10 years ago the PB-TNC protocol is working
Andreas Steffen [Fri, 10 Dec 2010 22:21:13 +0000 (23:21 +0100)]
the PB-TNC protocol is working

10 years ago refactored message handling
Andreas Steffen [Fri, 10 Dec 2010 16:09:21 +0000 (17:09 +0100)]
refactored message handling

10 years ago do not accept results and recommendation messages from clients
Andreas Steffen [Fri, 10 Dec 2010 16:04:11 +0000 (17:04 +0100)]
do not accept results and recommendation messages from clients

10 years ago defined some additional Private Enterprise Numbers
Andreas Steffen [Fri, 10 Dec 2010 13:58:33 +0000 (14:58 +0100)]
defined some additional Private Enterprise Numbers

10 years ago define pb_tnc_state_machine_t object
Andreas Steffen [Fri, 10 Dec 2010 13:56:40 +0000 (14:56 +0100)]
define pb_tnc_state_machine_t object

10 years ago debug cosmetics
Andreas Steffen [Fri, 10 Dec 2010 10:54:51 +0000 (11:54 +0100)]
debug cosmetics

10 years ago Renamed purgex509/crl to purgecerts/crls to be consistent with list commands
Martin Willi [Fri, 10 Dec 2010 10:16:39 +0000 (11:16 +0100)]
Renamed purgex509/crl to purgecerts/crls to be consistent with list commands

10 years ago implemented handling of received PB-TNC messages
Andreas Steffen [Fri, 10 Dec 2010 10:16:08 +0000 (11:16 +0100)]
implemented handling of received PB-TNC messages

10 years ago Added options to flush CRLs/X509 certs from the cert cache
Martin Willi [Thu, 9 Dec 2010 09:06:25 +0000 (10:06 +0100)]
Added options to flush CRLs/X509 certs from the cert cache

10 years ago refactored PB-TNC state machine in receive direction
Andreas Steffen [Thu, 9 Dec 2010 22:38:38 +0000 (23:38 +0100)]
refactored PB-TNC state machine in receive direction

10 years ago refactored PB-TNC state machine in send direction
Andreas Steffen [Thu, 9 Dec 2010 22:18:55 +0000 (23:18 +0100)]
refactored PB-TNC state machine in send direction

10 years ago pb_tnc_batch_t class implements parsing and building of PB-TNC batches
Andreas Steffen [Thu, 9 Dec 2010 20:33:12 +0000 (21:33 +0100)]
pb_tnc_batch_t class implements parsing and building of PB-TNC batches

10 years ago fixed memory corruption
Andreas Steffen [Wed, 8 Dec 2010 11:12:15 +0000 (12:12 +0100)]
fixed memory corruption

10 years ago Never register IKE_SA during checkout_new, as rekeying keeps it checked out
Martin Willi [Tue, 7 Dec 2010 10:41:41 +0000 (11:41 +0100)]
Never register IKE_SA during checkout_new, as rekeying keeps it checked out

10 years ago Include the destination net in the policy priority calculation.
Tobias Brunner [Tue, 7 Dec 2010 10:58:09 +0000 (11:58 +0100)]
Include the destination net in the policy priority calculation.

The resulting priorities are as follows:

    IPv6               IPv4
    routed   normal    routed   normal
max 4096(+3) 2048(+3)  4096(+3) 2048(+3)
min 3072     1024      3840     1792

Where min is for a policy between two single hosts and max is
for /0 on both ends (lower priorities are preferred by the kernel).
(+3) applies for cases where no protocol and no ports are defined.

10 years ago added newline
Andreas Steffen [Tue, 7 Dec 2010 08:02:55 +0000 (09:02 +0100)]
added newline

10 years ago re-introduced comment
Andreas Steffen [Tue, 7 Dec 2010 08:01:28 +0000 (09:01 +0100)]
re-introduced comment

10 years ago Migrated stroke_control_t to INIT/METHOD macros
Andreas Steffen [Tue, 7 Dec 2010 07:58:57 +0000 (08:58 +0100)]
Migrated stroke_control_t to INIT/METHOD macros

10 years ago Migrated stroke_plugin_t to INIT/METHOD macros
Andreas Steffen [Tue, 7 Dec 2010 07:01:45 +0000 (08:01 +0100)]
Migrated stroke_plugin_t to INIT/METHOD macros

10 years ago Guarantee entry->other is set when calling put_connected_peers
Thomas Egerer [Fri, 3 Dec 2010 08:23:06 +0000 (09:23 +0100)]
Guarantee entry->other is set when calling put_connected_peers

Given the original intent of entry->host, the check for DoS attacks, it
can happen that this value remains NULL when an entry is created. This
is particularly awkward if put_connected_peers is called to check if a
connection to a given peer already exists, since it takes the address
family into consideration (git commit b74219d0) which is gleaned from
entry->host.
This patch guarantees that entry->other is a clone of host before
put_connected_peers is called.

10 years ago added sql/multi-level-ca scenario
Andreas Steffen [Sun, 5 Dec 2010 20:53:43 +0000 (21:53 +0100)]
added sql/multi-level-ca scenario

10 years ago stupid typo
Andreas Steffen [Sun, 5 Dec 2010 14:48:22 +0000 (15:48 +0100)]
stupid typo

10 years ago cosmetics
Andreas Steffen [Sun, 5 Dec 2010 14:23:18 +0000 (15:23 +0100)]
cosmetics

10 years ago cosmetics
Andreas Steffen [Sun, 5 Dec 2010 14:16:15 +0000 (15:16 +0100)]
cosmetics

10 years ago added parsing checks
Andreas Steffen [Sun, 5 Dec 2010 14:01:01 +0000 (15:01 +0100)]
added parsing checks

10 years ago output TLS-independent error messages
Andreas Steffen [Sun, 5 Dec 2010 13:55:18 +0000 (14:55 +0100)]
output TLS-independent error messages

10 years ago added certificate_authorities and certificate_distribution_points tables
Andreas Steffen [Sun, 5 Dec 2010 10:30:06 +0000 (11:30 +0100)]
added certificate_authorities and certificate_distribution_points tables

10 years ago support of reqid field in SQL database
Andreas Steffen [Sun, 5 Dec 2010 10:21:40 +0000 (11:21 +0100)]
support of reqid field in SQL database

10 years ago fixed pb_reason_string_message_t class
Andreas Steffen [Sun, 5 Dec 2010 10:20:18 +0000 (11:20 +0100)]
fixed pb_reason_string_message_t class

10 years ago Migrated fips_prf plugin to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 19:56:21 +0000 (20:56 +0100)]
Migrated fips_prf plugin to INIT/METHOD macros

10 years ago Migrated md4_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 19:45:49 +0000 (20:45 +0100)]
Migrated md4_plugin_t to INIT/METHOD macros

10 years ago Migrated md5_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 19:43:41 +0000 (20:43 +0100)]
Migrated md5_plugin_t to INIT/METHOD macros

10 years ago Migrated ldap plugin to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 19:15:59 +0000 (20:15 +0100)]
Migrated ldap plugin to INIT/METHOD macros

10 years ago Migrated pubkey_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 14:43:04 +0000 (15:43 +0100)]
Migrated pubkey_plugin_t to INIT/METHOD macros

10 years ago Migrated pkcs1_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 10:43:06 +0000 (11:43 +0100)]
Migrated pkcs1_plugin_t to INIT/METHOD macros

10 years ago Migrated curl_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 10:40:40 +0000 (11:40 +0100)]
Migrated curl_plugin_t to INIT/METHOD macros

10 years ago Migrated random plugin to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 10:37:03 +0000 (11:37 +0100)]
Migrated random plugin to INIT/METHOD macros

10 years ago Migrated sha1_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 10:26:02 +0000 (11:26 +0100)]
Migrated sha1_plugin_t to INIT/METHOD macros

10 years ago Migrated sha2_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 09:48:42 +0000 (10:48 +0100)]
Migrated sha2_plugin_t to INIT/METHOD macros

10 years ago Migrated mysql plugin to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 09:38:35 +0000 (10:38 +0100)]
Migrated mysql plugin to INIT/METHOD macros

10 years ago use private destroy() function
Andreas Steffen [Sat, 4 Dec 2010 09:28:30 +0000 (10:28 +0100)]
use private destroy() function

10 years ago Migrated sqlite plugin to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 09:20:33 +0000 (10:20 +0100)]
Migrated sqlite plugin to INIT/METHOD macros

10 years ago Migrated test_vectors_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 09:10:37 +0000 (10:10 +0100)]
Migrated test_vectors_plugin_t to INIT/METHOD macros

10 years ago Migrated x509_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 09:07:56 +0000 (10:07 +0100)]
Migrated x509_plugin_t to INIT/METHOD macros

10 years ago Migrated pgp_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 08:30:25 +0000 (09:30 +0100)]
Migrated pgp_plugin_t to INIT/METHOD macros

10 years ago Migrated pem_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 08:25:22 +0000 (09:25 +0100)]
Migrated pem_plugin_t to INIT/METHOD macros

10 years ago Migrated dnskey_plugin_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 08:20:53 +0000 (09:20 +0100)]
Migrated dnskey_plugin_t to INIT/METHOD macros

10 years ago Migrated options_t to INIT/METHOD macros
Andreas Steffen [Sat, 4 Dec 2010 07:21:21 +0000 (08:21 +0100)]
Migrated options_t to INIT/METHOD macros

10 years ago CDP enumerator added to SQL plugin.
Tobias Brunner [Tue, 30 Nov 2010 17:44:55 +0000 (18:44 +0100)]
CDP enumerator added to SQL plugin.

10 years ago Tables added for CAs and CDPs.
Tobias Brunner [Tue, 30 Nov 2010 17:43:50 +0000 (18:43 +0100)]
Tables added for CAs and CDPs.