diff --git a/CREDITS b/CREDITS index 41aa48338..4ee6faac6 100644 --- a/CREDITS +++ b/CREDITS @@ -10,9 +10,8 @@ Peter Onion has collaborated extensively with RGB on PFKEY2 stuff. The original version of our IPComp code came from Svenning Soerensen, who has also contributed various bug fixes and improvements. -The first versions of KLIPS were done by John Ioannidis . The -first versions of Pluto (and further work on KLIPS) were done by Angelos -D. Keromytis . +The first versions of Pluto were done by Angelos D. Keromytis +. The MD2 implementation is from RSA Data Security Inc., so this package must include the following phrase: "RSA Data Security, Inc. MD2 Message Digest @@ -37,9 +36,6 @@ The SHA-1 code is derived from Steve Reid's; it is public domain. Some bits of Linux code, notably drivers/net/new_tunnel.c and net/ipv4/ipip.c, are used in heavily modified forms. -The radix-tree code from 4.4BSD is used in a modified form. It is not -under the GPL; see details in klips/net/ipsec/radij.c. - The lib/pfkeyv2.h header file contains public-domain material published in RFC 2367. @@ -107,7 +103,8 @@ The ipsec starter is based on Mathieu Lafon's original work. Jan Hutter and Martin Willi developed the scepclient which fully supports Cisco's Simple Certificate Enrollment Protocol (SCEP). -Tobias Brunner and Daniel Roethlisberger implemented NAT traversal and dead -peer detection for the IKEv2 keying daemon. +Tobias Brunner and Daniel Roethlisberger implemented NAT traversal and +dead peer detection for the IKEv2 keying daemon. -This file is RCSID $Id: CREDITS,v 1.6 2006/01/22 21:28:27 as Exp $ +Daniel Wydler implemented the integrity test of the libstrongswan code +using the FIPS_canister code from the OpenSSL-FIPS project. diff --git a/LICENSE b/LICENSE index 888d79aa2..ce8c4ae30 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,5 @@ Except for the DES library, MD2 and MD5 code, the PKCS#11 headers, and -linux/net/ipsec/radij.c this software is under the GNU Public License, +the FIPS_canister code this software is under the GNU Public License, see the file COPYING. See the file CREDITS for details on origins of more of the code. @@ -17,10 +17,15 @@ include the following phrase: "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm". It is not under the GPL; see details in src/pluto/md5.c -The PKCS#11 header files in programs/pluto/rsaref/ are from RSA Security Inc., +The PKCS#11 header files in src/pluto/rsaref/ are from RSA Security Inc., so they must include the following phrase: "RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki)". The headers are not under the GPL; see details in src/pluto/rsaref/pkcs11.h. +The FIPS_canister code in src/libstrongswan/fips that is used to determine +the start (fips_canister_start.c) and end (fips_canister_end.c) of the +libstrongswan TEXT and RODATA segments is under the OpenSSL licence. It is +not under the GPL; see www.openssl.org. + In addition to the terms set out under the GPL, permission is granted to link the software against the libdes, MD2, and MD5 libraries just mentioned. diff --git a/NEWS b/NEWS index 5cf424974..2f47e85db 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ strongswan-4.1.6 ---------------- +- the --enable-integrity-test configure option tests the + integrity of the libstrongswan crypto code during the charon + startup. + - ipsec stroke now supports the rereadsecrets, rereadaacerts, rereadacerts, and listacerts options.