149d1bbb05
memory: Use explicit_bzero() as memwipe() if available
2019-08-22 15:04:45 +02:00
05e3751ebb
fuzz: Support build with -fsanitize=fuzzer instead of libFuzzer.a
...
Recent clang versions (6.0+) include libFuzzer and OSS-Fuzz switched to
that mode a while ago.
2019-07-17 11:44:27 +02:00
ab1aa03bf5
Version bump to 5.8.1dr1
2019-06-26 17:32:33 +02:00
55dd0361b8
Version bump to 5.8.0
2019-05-20 12:31:08 +02:00
74ac0c9efd
Version bump to 5.8.0rc1
2019-05-10 12:55:48 +02:00
1815c1de52
init: Rename systemd units
...
Use strongswan-starter for the legacy unit and simply strongswan for the
modern one (strongswan-swanctl is configured as alias, which should
cause the installation of symlinks when the service is enabled via
systemctl).
2019-04-24 13:57:48 +02:00
d50bb81c7d
travis: Run tests against wolfSSL
...
Check for wolfssl/options.h because if it isn't included, checking other
headers will trigger a warning about hardening the wolfSSL build, which
will cause the check to fail with -Werror.
If the file doesn't exist because user_settings.h is used, the check may
be skipped by configuring with `ac_cv_header_wolfssl_options_h=yes`.
2019-04-24 12:26:08 +02:00
c92eade82c
wolfssl: Add wolfSSL plugin for cryptographic implementations
2019-04-24 11:40:14 +02:00
ebe2bedebd
configure: Fix package version for python packages for developer releases
...
According to PEP 440 the suffix for development releases is .devN and
not just devN.
2019-04-04 09:36:38 +02:00
d74ddd7893
xfrmi: Move to a separate directory to fix monolithic build
2019-04-04 09:31:38 +02:00
7b5eee65a0
Version bump to 5.8.0dr2
2019-03-30 17:11:34 +01:00
08a7326181
Version bump to 5.8.0dr1
2019-03-13 19:02:42 +01:00
eb16352232
Version bump to 5.7.2
2018-12-27 12:11:49 +01:00
023b9c0edc
Version bump to 5.7.2rc1
2018-12-19 13:21:48 +01:00
7cf3f97e56
Version bump to 5.7.2dr4
2018-12-09 19:53:31 +01:00
ff3f09af45
Version bump to 5.7.2dr3
2018-11-12 16:24:53 +01:00
0e80eb235d
Version bump to 5.7.2dr2
2018-10-31 14:22:03 +01:00
f5565683b9
Version bump to 5.7.2dr1
2018-10-26 18:47:48 +02:00
6e55856830
fuzzing: Add -lm to LDFLAGS if the coverage sanitizer is used
...
libFuzzer apparently uses math functions (e.g. ceilf) for that sanitizer.
2018-10-02 10:58:40 +02:00
04ef28b4df
Version bump to 5.7.1
2018-10-01 17:46:17 +02:00
2a327d438c
Version bump to 5.7.0
2018-09-24 11:10:12 +02:00
1dd382b888
Version bump to 5.7.0rc2
2018-09-18 16:03:23 +02:00
11b4a87050
Version bump to 5.7.0rc1
2018-09-16 09:30:18 +02:00
af26cc4d85
botan: Add Botan plugin to libstrongswan
2018-09-12 16:25:00 +02:00
66c4735f99
dumm: Remove the Dynamic UML Mesh Modeler framework
...
This has been pretty much defunct for several years (requires a
specially patched UML-enabled guest kernel).
2018-09-12 15:53:55 +02:00
a019c95b72
Version bump to 5.7.0dr8
2018-08-02 07:30:05 +02:00
041efa6ed3
Version bump to 5.7.0dr6
2018-07-21 09:30:53 +02:00
9a7a962348
Version bump to 5.7.0dr5
2018-07-19 14:57:18 +02:00
e74e920bbc
libtpmtss: Support for TSS2 v2 libraries
2018-07-19 12:40:42 +02:00
5b91e8c03c
Version bump to 5.7.0dr4
2018-06-22 11:21:02 +02:00
711e0bdbe4
Version bumpt to 5.7.0dr3
2018-06-14 17:07:59 +02:00
78584d7efc
Version bump to 5.7.0dr2
2018-06-13 17:07:58 +02:00
75181f4836
fuzz: Added PB-TNC fuzzer
2018-06-12 21:47:40 +02:00
a31f9b7691
libimcv: Removed TCG SWID IMC/IMV support
2018-06-12 21:47:39 +02:00
3a8a9c7029
Version bump to 5.7.0dr1
2018-05-30 23:02:57 +02:00
b2ab0995c1
Version bump to 5.6.3
2018-05-28 15:38:58 +02:00
88205674e5
Version bump to 5.6.3rc1
2018-05-23 22:36:39 +02:00
26b45beda9
Version bump to 5.6.3dr2
2018-05-22 21:58:32 +02:00
3594663166
eap-aka-3gpp: Add test vectors from 3GPP TS 35.207 14.0.0
2018-05-18 17:37:39 +02:00
69ee158e2a
Version bump to 5.6.3dr1
2018-04-19 16:34:06 +02:00
68c00bc839
Version bump to 5.6.2
2018-02-19 12:59:37 +01:00
0bb4d2179d
Version bump to 5.6.2rc1
2018-02-16 13:37:00 +01:00
345cd4684c
save-keys: Add save-keys plugin
...
This plugin will export IKE_SA and CHILD_SA secret keys in the format used
by Wireshark.
It has to be loaded explicitly.
2018-02-15 23:03:29 +01:00
476200ecc6
Version bump to 5.6.2dr4
2018-02-03 11:05:21 +01:00
9a71b7219c
charon-nm: Port to libnm
...
libnm-glib is deprecated for several years and reaching the end of its
life. Let's switch to the more up-to-date library.
Closes strongswan/strongswan#85 .
2017-12-22 10:05:10 +01:00
344e1b6060
Version bump to 5.6.2dr3
2017-12-13 08:54:54 +01:00
0fb293fc91
tpm_extendpcr: Extend digests into a TPM PCR
2017-12-13 07:10:28 +01:00
5d3eb57cfd
Version bump to 5.6.2dr2
2017-12-10 21:42:02 +01:00
4f60b72a81
Version bump to 5.6.2dr1
2017-12-05 22:23:43 +01:00
203a86ecb8
Version bump to 5.6.1
2017-11-17 22:42:28 +01:00
7f1d944bc9
The pacman tool got replaced by the sec-updater tool
2017-11-15 12:18:17 +01:00
b20bf062e8
Version bump to 5.6.1rc1
2017-11-11 18:25:17 +01:00
c9a2b3b784
configure: Enable mgf1 plugin if gmp plugin is enabled
2017-11-08 16:48:10 +01:00
63ffcfaa49
configure: Fix check for libtpmtss to build it only when needed
...
Testing for x$tpm always yields true, hence libtpmtss is built even if it
is unneeded. Properly test against xtrue as we do in all other tests.
2017-11-08 16:43:18 +01:00
6f74b8748a
counters: Move IKE event counter collection from stroke to a separate plugin
2017-11-08 16:28:28 +01:00
23e76d250f
streams: Named systemd sockets are only supported since systemd v227
2017-10-13 10:17:37 +02:00
4f575d62ed
configure: Also check for libcrypto on Windows
...
With OpenSSL 1.1.0 the library is now named libcrypto too on Windows.
Check for libeay32 first so we don't link against the build environment's
version of OpenSSL instead of the native one that might be available.
2017-10-10 10:17:09 +02:00
0ae19f0ced
configure: Fix gperf length parameter determination
...
gperf is not actually a build dependency as the generated files are
shipped in the tarball. So the type depends on the gperf version on
the host that ran gperf and created the tarball, which might not be
the same as that on the actual build host, and gperf might not even
be installed there, leaving the type undetermined.
Fixes: e0e4322973
2017-10-02 17:21:42 +02:00
a9fb529b84
Version bump to 5.6.1dr3
2017-09-26 22:43:38 +02:00
e0e4322973
configure: Detect type of length parameter for gperf generated function
...
Since 3.1 gperf uses size_t for the length parameter instead of an
unsigned int.
2017-09-19 13:24:43 +02:00
c80cec2d5e
Version bump to 5.6.1dr2
2017-09-13 16:56:45 +02:00
d43b84dcb4
Version bump to 5.6.1dr1
2017-09-01 13:49:09 +02:00
b84817375d
sec-updater: Checks for security updates
...
sec-updater checks for security updates and backports in Debian/
Ubuntu repositories and sets the security flags in the strongTNC
policy database accordingly.
2017-09-01 11:19:40 +02:00
17840fa18e
configure: Detect mpz_powm_sec() when built with -Werror
2017-08-15 10:35:20 +02:00
be1beea7a4
fuzzing: Add driver to run fuzz targets on a given list of files
...
This is enabled if the path to libFuzzer.a is not specified when running
the configure script.
2017-08-15 10:35:20 +02:00
9cc37212c6
Version bump to 5.6.0
2017-08-14 10:07:47 +02:00
d35183e33e
Version bump to 5.6.0rc2
2017-08-09 14:23:28 +02:00
285c077d2c
Version bump to 5.6.0rc1
2017-08-07 18:25:52 +02:00
f0ae8c1761
Version bump to 5.6.0dr4
2017-08-04 21:15:45 +02:00
05f8e64d79
Version bump to 5.6.0dr3
2017-07-18 20:53:35 +02:00
964bf73237
sw-collector: Moved to its own directory and added man page
2017-07-18 07:25:45 +02:00
693705c74e
Version bump to 5.6.0dr2
2017-07-13 14:24:32 +02:00
eab650d62f
libtpmtss: Support of Intel TABRMD interface
2017-07-12 17:07:34 +02:00
991703007a
Version bump to 5.6.0dr1
...
This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance to the ISO 19770-2:2015 SWID tag standard has
been achieved.
2017-07-08 23:21:56 +02:00
8ba6bf511e
libimcv: Moved REST API from imv_swid and imv_swima to libimcv
2017-07-08 23:19:51 +02:00
3a7c594c14
imv-swima: Created SWIMA IMV plugin
2017-07-08 23:19:51 +02:00
2821c0f740
imc-swima: Created SWIMA IMC plugin
2017-07-08 23:19:51 +02:00
ef6b710f19
pki: Load pubkey plugin to print public keys
...
Since 3317d0e77b3317d0e77b
2017-07-05 10:15:45 +02:00
1aba82bfd7
eap-aka-3gpp: Add plugin that implements 3GPP MILENAGE algorithm in software
...
This is similar to the eap-aka-3gpp2 plugin. K (optionally concatenated
with OPc) may be configured as binary EAP secret in ipsec.secrets or
swanctl.conf.
Based on a patch by Thomas Strangert.
Fixes #2326 .
2017-07-05 10:03:38 +02:00
45f45fed1e
configure: Install charon-systemd.conf
...
Fixes #2370 .
2017-06-29 08:43:00 +02:00
56ffcdb166
configure: Enable coverage for all plugins via PLUGIN_CFLAGS
2017-06-20 13:52:16 +02:00
d29531c226
configure: Use pkg-config to determine Ruby CFLAGS/LIBS
2017-06-07 16:48:02 +02:00
65ce7ec0c4
Version bump to 5.5.3
2017-05-29 12:02:48 +02:00
f5aef3a020
configure: Don't modify CFLAGs if fuzzing is enabled
...
Just rely on the flags passed by the build process.
2017-05-23 18:29:12 +02:00
92a10e4645
x509: Manually print CRL/OCSP URIs when fuzzing
...
This avoids a warning about the custom %Y printf specifier.
2017-05-23 18:29:12 +02:00
1a06bf03f9
plugin-loader: Add facility to register plugin constructors
...
Enabled when building monolithically and statically.
This should allow us to work around the -whole-archive issue with
libtool. If the libraries register the plugin constructors they provide
they reference the constructors and will therefore prevent the linker from
removing these seemingly unused symbols from the final executable.
For use cases where dlsym() can be used, e.g. because the static libraries
are manually linked with -whole-archive (Linux) or -force-load (Apple),
this can be disabled by passing ss_cv_static_plugin_constructors=no to
the configure script.
2017-05-23 18:29:12 +02:00
6ce649a8a6
configure: Don't build static libraries by default
...
This way we can actually detect if someone wants to build strongSwan
statically because --enable-static has to be passed explicitly.
2017-05-23 18:29:11 +02:00
8806b00f43
fuzz: Make path to libFuzzer.a configurable
2017-05-23 18:29:11 +02:00
157742be7d
fuzz: Add fuzzing boilerplate
2017-05-23 18:29:11 +02:00
a5f7a4c790
Version bump to 5.3.3dr2
2017-05-08 22:38:12 +02:00
d38d1fcd68
Version bump to 5.5.3dr1
2017-04-26 21:29:42 +02:00
e419b010aa
configure: Include curve25519 in the pki default plugin list
...
The plugin provides ed25519 public key support, and is required to generate
keys or sign certificates with pki.
2017-04-26 20:41:33 +02:00
bb2ba9f15d
Version bump to 5.5.2
2017-03-27 16:57:03 +02:00
5e8e71d405
configure: Fix test for libunwind
...
Most functions in libunwind.h are actually mapped via macros to obscure
function names, so checking for these would require some elaborate test
via AC_LINK_IFELSE(). However, unw_backtrace() seems to be one of the few
actual functions so lets use this for now, even though we don't call it
ourselves later.
Fixes: 016228c158
2017-03-23 18:29:18 +01:00
7c672e6118
Version bump to 5.2.2rc1
2017-03-21 09:09:43 +01:00
25bfb338a2
Version bump to 5.5.2dr7
2017-03-06 20:21:40 +01:00
4a620a97a0
aikpub2: Removed aikpub2 tool
...
The aikpub2 tool has been replaced by pki --pub|--req --keyid hex ..
where keyid indicates the TPM 2.0 private key object handle. Thus
either the public key in PKCS#1 format can be extracted or a PKCS#10
certificate request signed by the TPM private key can be generated.
2017-03-06 19:35:05 +01:00
6885375e66
Version bump to 5.5.2dr6
2017-03-03 09:34:50 +01:00
f43850b3b9
Version bump to 5.5.2dr5
2017-02-23 17:31:11 +01:00
af9341c2c0
Use of TPM 2.0 private keys for signatures via tpm plugin
2017-02-22 12:18:26 +01:00
Tobias Brunner