fbfe5a2724
proposal: Add missing curve448/x448 keywords
...
Fixes #3064 .
2019-05-20 09:43:59 +02:00
802da663c2
nm: Version bump to 1.4.5
2019-05-14 10:38:32 +02:00
7e0e3ef4e0
keymat_v1: Avoid memory leak during IKE key derivation in some error cases
...
Closes strongswan/strongswan#138 .
2019-05-09 10:07:52 +02:00
532060c0fa
pki: Plugins to load may be defined via PKI_PLUGINS env variable
2019-05-08 14:56:48 +02:00
df6441a13f
pki: Allow inclusion of [unsupported] critical X.509 extension
2019-05-08 14:56:48 +02:00
0c924641e6
pki: Add different output options for --keyid
...
Makes machine-processing these identifiers easier.
2019-05-08 14:56:48 +02:00
3ee352a691
smp: Use correct printf specifier to print SPIs
2019-05-08 14:48:54 +02:00
e6e4113e9f
fast: Use correct printf specifier to print content length
2019-05-08 14:48:54 +02:00
12e64e5cf4
libimcv: Use proper printf specifier for unsigned issuer and responder IDs
2019-05-08 14:48:54 +02:00
994cff3fac
swima-collector: Use proper type for field precision
2019-05-08 14:48:54 +02:00
a4abb263c9
openssl: Fix build with OpenSSL 1.1.1 without compatibility layer
...
If OpenSSL is built with --api, defines for deprecated functions in
OpenSSL's header files are not visible anymore.
Fixes #3045 .
2019-05-08 14:28:18 +02:00
ba817d2917
starter: Remove IPsec stack detection
...
Checking specifically for /proc/net/pfkey is not ideal as af_key will
eventually be removed in Linux kernels. Support for KLIPS is long gone.
The detection also wasn't used for anything anymore (failures were just
ignored since the ports to BSD-based systems). And modprobing doesn't seem
to be necessary either (charon-systemd doesn't do that, for instance).
2019-05-07 11:13:03 +02:00
c7a0b39bd6
vici: Add Python command wrappers to tarball
...
Fixes: e0f7da8644
2019-05-06 15:51:05 +02:00
c88030807e
pki: Fix memory leaks in --signcrl if signature scheme is not found
...
Fixes: dd4bd21c5a
2019-04-30 10:25:56 +02:00
b31bff125c
swanctl: Move documentation of if_id_in/out after all mark-related options
...
Also fix a typo.
2019-04-29 17:38:28 +02:00
02b348403a
Fixed some typos, courtesy of codespell
2019-04-29 15:09:20 +02:00
c546c1ba71
nonce: Allow overriding the RNG quality used to generate nonces
...
Usually, changing this won't be necessary (actually, some plugins
specifically use different DRGBs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.
2019-04-29 10:49:35 +02:00
75d9dc40d4
unit-tests: Fix skipping of some ECDSA signature schemes
...
Closes strongswan/strongswan#137 .
2019-04-29 09:56:49 +02:00
eefa81120c
vici: Update command wrappers in the Perl bindings
...
Note that load_key() now returns the complete response (to get the key
identifier).
2019-04-26 10:15:48 +02:00
968866afc6
vici: Update some data in the Ruby gemspec
2019-04-26 10:15:48 +02:00
cc2ef8f8a7
vici: Some code style fixes in the Ruby bindings
...
As reported by rubocop (some issues were not fixed, in particular
related to class/method length metrics).
2019-04-26 10:15:43 +02:00
1fef01af58
vici: Update command wrappers of the Ruby bindings
...
Also reorder them to match README.md.
2019-04-26 09:35:37 +02:00
3b39444556
vici: Refactor how commands are called in the Ruby bindings
...
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
2019-04-26 09:35:11 +02:00
42fe703a95
vici: Fix formatting of return values for load-conn and load-authority commands
2019-04-26 09:35:10 +02:00
c5113c8105
vici: Add missing command wrappers for Python bindings
...
Also change some for which the return value became relevant.
2019-04-26 09:35:10 +02:00
e0f7da8644
vici: Extract command wrappers in Python bindings
...
This simplifies the interface and allows calling not yet wrapped
commands more easily.
2019-04-26 09:18:54 +02:00
89c8ba525b
eap-aka-3gpp2: Increase SQN after each authentication
2019-04-25 15:58:17 +02:00
fbb0feeea9
unit-tests: Add unit tests for childless IKE_SA initiation
2019-04-25 15:23:19 +02:00
1b19469c67
unit-tests: Make childless initiation configurable
2019-04-25 15:23:19 +02:00
e0678a8cc6
unit-tests: Add helper to create but not yet establish two IKE_SAs
2019-04-25 15:23:19 +02:00
202fb101b8
unit-tests: Add macros to assert certain payloads are (not) in a message
2019-04-25 15:23:19 +02:00
c863960eb1
vici: Support initiation of IKE_SAs
...
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
2019-04-25 15:23:19 +02:00
2889b77da2
vici: Make childless initiation of IKE_SAs configurable
2019-04-25 15:23:19 +02:00
6b00d34b42
controller: Make child config optional for initiate()
2019-04-25 15:23:19 +02:00
ed521a7470
child-create: Initiate and handle childless IKE_SAs according to RFC 6023
2019-04-25 15:23:19 +02:00
93104d0fe9
ike-init: Notify initiator if childless IKE_SAs are accepted
2019-04-25 14:31:39 +02:00
ddb083c164
ike-cfg: Add setting for childless IKE_SAs
2019-04-25 14:31:39 +02:00
9486a2e5b0
ike-cfg: Pass arguments as struct
2019-04-25 14:31:33 +02:00
de77957eda
proposal-substructure: Fix incorrect type for IKEv2 proposals
...
Luckily, the type is only used once when generating payloads and there it
doesn't matter because the encoding rules are the same.
Closes strongswan/strongswan#135 .
2019-04-25 09:40:51 +02:00
d3329ee540
wolfssl: Fixes, code style changes and some refactorings
...
The main fixes are
* the generation of fingerprints for RSA, ECDSA, and EdDSA
* the encoding of ECDSA private keys
* calculating p and q for RSA private keys
* deriving the public key for raw Ed25519 private keys
Also, instead of numeric literals for buffer lengths ASN.1 related
constants are used.
2019-04-24 12:26:08 +02:00
59be02519a
unit-tests: Add tests for ECDSA fingerprints and encoding
2019-04-24 11:40:14 +02:00
179aa72fdf
unit-tests: Add tests for RSA fingerprints and encoding
2019-04-24 11:40:14 +02:00
a5a8f2bce2
chunk: Add helper to copy a chunk left-padded to a certain length
2019-04-24 11:40:14 +02:00
c92eade82c
wolfssl: Add wolfSSL plugin for cryptographic implementations
2019-04-24 11:40:14 +02:00
6a995a63f5
Merge branch 'android-fixes'
...
Fixes an upgrade issue and includes UTF8 support for EAP-MSCHAPv2.
2019-04-24 11:37:33 +02:00
8da7dbe766
socket-default: Fix setting DSCP value on FreeBSD
...
Fixes #3030 .
2019-04-23 11:49:04 +02:00
8eafdc7f54
android: New release after fixing DB update and adding UTF-8 for EAP-MSCHAPv2
2019-04-16 15:58:31 +02:00
199412a8ef
android: Fix database upgrade from older versions
2019-04-16 15:08:23 +02:00
4c0d74bc12
eap-mschapv2: Convert UTF-8-encoded passwords
...
Instead of assuming passwords are simply ASCII-encoded we now assume they are
provided UTF-8-encoded, which is quite likely nowadays. The UTF-8 byte
sequences are not validated, however, only valid code points are encoded
as UTF-16LE.
Fixes #3014 .
2019-04-16 11:26:49 +02:00
a3885b86e6
child-create: Make sure the mode selected by the responder is acceptable
...
Previously, the initiator would install the SA in transport mode if the
peer sent back the USE_TRANSPORT_MODE notify, even if that was not
requested originally.
2019-04-15 14:31:57 +02:00
Tobias Brunner