Tobias Brunner
fbfe5a2724
proposal: Add missing curve448/x448 keywords
Fixes #3064.
2019-05-20 09:43:59 +02:00
Tobias Brunner
802da663c2
nm: Version bump to 1.4.5
2019-05-14 10:38:32 +02:00
SophieK
7e0e3ef4e0
keymat_v1: Avoid memory leak during IKE key derivation in some error cases
Closes strongswan/strongswan#138.
2019-05-09 10:07:52 +02:00
Tobias Brunner
532060c0fa
pki: Plugins to load may be defined via PKI_PLUGINS env variable
2019-05-08 14:56:48 +02:00
Andreas Steffen
df6441a13f
pki: Allow inclusion of [unsupported] critical X.509 extension
2019-05-08 14:56:48 +02:00
Tobias Brunner
0c924641e6
pki: Add different output options for --keyid
Makes machine-processing these identifiers easier.
2019-05-08 14:56:48 +02:00
Tobias Brunner
3ee352a691
smp: Use correct printf specifier to print SPIs
2019-05-08 14:48:54 +02:00
Tobias Brunner
e6e4113e9f
fast: Use correct printf specifier to print content length
2019-05-08 14:48:54 +02:00
Tobias Brunner
12e64e5cf4
libimcv: Use proper printf specifier for unsigned issuer and responder IDs
2019-05-08 14:48:54 +02:00
Tobias Brunner
994cff3fac
swima-collector: Use proper type for field precision
2019-05-08 14:48:54 +02:00
Tobias Brunner
a4abb263c9
openssl: Fix build with OpenSSL 1.1.1 without compatibility layer
If OpenSSL is built with --api, defines for deprecated functions in
OpenSSL's header files are not visible anymore.
Fixes #3045.
2019-05-08 14:28:18 +02:00
Tobias Brunner
ba817d2917
starter: Remove IPsec stack detection
Checking specifically for /proc/net/pfkey is not ideal as af_key will
eventually be removed in Linux kernels. Support for KLIPS is long gone.
The detection also wasn't used for anything anymore (failures were just
ignored since the ports to BSD-based systems). And modprobing doesn't seem
to be necessary either (charon-systemd doesn't do that, for instance).
2019-05-07 11:13:03 +02:00
Tobias Brunner
c7a0b39bd6
vici: Add Python command wrappers to tarball
Fixes: e0f7da8644 ("vici: Extract command wrappers in Python bindings")
2019-05-06 15:51:05 +02:00
Tobias Brunner
c88030807e
pki: Fix memory leaks in --signcrl if signature scheme is not found
Fixes: dd4bd21c5a ("pki: Query private key for supported signature schemes")
2019-04-30 10:25:56 +02:00
Tobias Brunner
b31bff125c
swanctl: Move documentation of if_id_in/out after all mark-related options
Also fix a typo.
2019-04-29 17:38:28 +02:00
Tobias Brunner
02b348403a
Fixed some typos, courtesy of codespell
2019-04-29 15:09:20 +02:00
Tobias Brunner
c546c1ba71
nonce: Allow overriding the RNG quality used to generate nonces
Usually, changing this won't be necessary (actually, some plugins
specifically use different DRBGs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.
2019-04-29 10:49:35 +02:00
SophieK
75d9dc40d4
unit-tests: Fix skipping of some ECDSA signature schemes
Closes strongswan/strongswan#137.
2019-04-29 09:56:49 +02:00
Tobias Brunner
eefa81120c
vici: Update command wrappers in the Perl bindings
Note that load_key() now returns the complete response (to get the key
identifier).
2019-04-26 10:15:48 +02:00
Tobias Brunner
968866afc6
vici: Update some data in the Ruby gemspec
2019-04-26 10:15:48 +02:00
Tobias Brunner
cc2ef8f8a7
vici: Some code style fixes in the Ruby bindings
As reported by rubocop (some issues were not fixed, in particular
related to class/method length metrics).
2019-04-26 10:15:43 +02:00
Tobias Brunner
1fef01af58
vici: Update command wrappers of the Ruby bindings
Also reorder them to match README.md.
2019-04-26 09:35:37 +02:00
Tobias Brunner
3b39444556
vici: Refactor how commands are called in the Ruby bindings
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
2019-04-26 09:35:11 +02:00
Tobias Brunner
42fe703a95
vici: Fix formatting of return values for load-conn and load-authority commands
2019-04-26 09:35:10 +02:00
Tobias Brunner
c5113c8105
vici: Add missing command wrappers for Python bindings
Also change some for which the return value became relevant.
2019-04-26 09:35:10 +02:00
Tobias Brunner
e0f7da8644
vici: Extract command wrappers in Python bindings
This simplifies the interface and allows calling not yet wrapped
commands more easily.
2019-04-26 09:18:54 +02:00
Tobias Brunner
89c8ba525b
eap-aka-3gpp2: Increase SQN after each authentication
2019-04-25 15:58:17 +02:00
Tobias Brunner
fbb0feeea9
unit-tests: Add unit tests for childless IKE_SA initiation
2019-04-25 15:23:19 +02:00
Tobias Brunner
1b19469c67
unit-tests: Make childless initiation configurable
2019-04-25 15:23:19 +02:00
Tobias Brunner
e0678a8cc6
unit-tests: Add helper to create but not yet establish two IKE_SAs
2019-04-25 15:23:19 +02:00
Tobias Brunner
202fb101b8
unit-tests: Add macros to assert certain payloads are (not) in a message
2019-04-25 15:23:19 +02:00
Tobias Brunner
c863960eb1
vici: Support initiation of IKE_SAs
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
2019-04-25 15:23:19 +02:00
Tobias Brunner
2889b77da2
vici: Make childless initiation of IKE_SAs configurable
2019-04-25 15:23:19 +02:00
Tobias Brunner
6b00d34b42
controller: Make child config optional for initiate()
2019-04-25 15:23:19 +02:00
Tobias Brunner
ed521a7470
child-create: Initiate and handle childless IKE_SAs according to RFC 6023
2019-04-25 15:23:19 +02:00
Tobias Brunner
93104d0fe9
ike-init: Notify initiator if childless IKE_SAs are accepted
2019-04-25 14:31:39 +02:00
Tobias Brunner
ddb083c164
ike-cfg: Add setting for childless IKE_SAs
2019-04-25 14:31:39 +02:00
Tobias Brunner
9486a2e5b0
ike-cfg: Pass arguments as struct
2019-04-25 14:31:33 +02:00
SophieK
de77957eda
proposal-substructure: Fix incorrect type for IKEv2 proposals
Luckily, the type is only used once when generating payloads and there it
doesn't matter because the encoding rules are the same.
Closes strongswan/strongswan#135.
2019-04-25 09:40:51 +02:00
Tobias Brunner
d3329ee540
wolfssl: Fixes, code style changes and some refactorings
The main fixes are
* the generation of fingerprints for RSA, ECDSA, and EdDSA
* the encoding of ECDSA private keys
* calculating p and q for RSA private keys
* deriving the public key for raw Ed25519 private keys
Also, instead of numeric literals for buffer lengths, ASN.1-related
constants are used.
2019-04-24 12:26:08 +02:00
Tobias Brunner
59be02519a
unit-tests: Add tests for ECDSA fingerprints and encoding
2019-04-24 11:40:14 +02:00
Tobias Brunner
179aa72fdf
unit-tests: Add tests for RSA fingerprints and encoding
2019-04-24 11:40:14 +02:00
Tobias Brunner
a5a8f2bce2
chunk: Add helper to copy a chunk left-padded to a certain length
2019-04-24 11:40:14 +02:00
Sean Parkinson
c92eade82c
wolfssl: Add wolfSSL plugin for cryptographic implementations
2019-04-24 11:40:14 +02:00
Tobias Brunner
6a995a63f5
Merge branch 'android-fixes'
Fixes an upgrade issue and includes UTF8 support for EAP-MSCHAPv2.
2019-04-24 11:37:33 +02:00
Tobias Brunner
8da7dbe766
socket-default: Fix setting DSCP value on FreeBSD
Fixes #3030.
2019-04-23 11:49:04 +02:00
Tobias Brunner
8eafdc7f54
android: New release after fixing DB update and adding UTF-8 for EAP-MSCHAPv2
2019-04-16 15:58:31 +02:00
Tobias Brunner
199412a8ef
android: Fix database upgrade from older versions
2019-04-16 15:08:23 +02:00
Tobias Brunner
4c0d74bc12
eap-mschapv2: Convert UTF-8-encoded passwords
Instead of assuming passwords are simply ASCII-encoded we now assume they are
provided UTF-8-encoded, which is quite likely nowadays. The UTF-8 byte
sequences are not validated; however, only valid code points are encoded
as UTF-16LE.
Fixes #3014.
2019-04-16 11:26:49 +02:00
Tobias Brunner
a3885b86e6
child-create: Make sure the mode selected by the responder is acceptable
Previously, the initiator would install the SA in transport mode if the
peer sent back the USE_TRANSPORT_MODE notify, even if that was not
requested originally.
2019-04-15 14:31:57 +02:00