Commit Graph

1063 Commits

Author SHA1 Message Date
Tobias Brunner 190a278854 plugin-loader: Optionally use load option in each plugin section to load plugins
This now works because all plugins use the same config namespace.

If <ns>.load_modular is true, the list of plugins to load is determined
via the value of the <ns>.plugins.<name>.load options.

Using includes, the following is possible:

charon {
  load_modular = yes
  plugins {
    include strongswan.d/charon/*.conf
  }
}

charon-cmd {
  load_modular = yes
  plugins {
    include strongswan.d/charon-cmd/*.conf
  }
}

Where each .conf file would contain something like:

<name> {
  load = yes
  <option> = <value>
}

To increase the priority of individual plugins load = <priority> can be
used (the default is 1).  For instance, to use openssl instead of the
built-in crypto plugins set in strongswan.d/charon/openssl.conf:

openssl {
  load = 10
}

If two plugins have the same priority their order in the default plugin
list is preserved.  Plugins not found in that list are ordered
alphabetically before other plugins with the same priority.
2014-02-12 14:34:33 +01:00
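The ordering rules in the commit message above (higher `load = <priority>` first, ties keep the default-list order, plugins missing from the default list sorted alphabetically ahead of others with the same priority) are easy to get wrong when hand-tuning a set of `strongswan.d/charon/*.conf` files. The following is an added example that models those rules in Python; it is not strongSwan's plugin loader code. The default plugin list and the per-plugin `load` values are constructed here, and the mapping `yes` to priority 1 / `no` or a non-positive value to "not loaded" is an assumption.

```python
"""Model of the load_modular plugin ordering rules (added example, not strongSwan code)."""

# Constructed stand-in for a daemon's built-in default plugin list.  The real
# list is longer and differs per daemon (charon, charon-cmd, ...).
DEFAULT_PLUGIN_LIST = ["random", "nonce", "x509", "pem", "openssl", "gcrypt"]


def parse_load(value):
    """Map a plugins.<name>.load value to a priority, or None if not loaded.

    Assumed mapping: 'yes'/'true' -> priority 1 (the default), an integer ->
    that priority, 'no'/'false'/missing/non-positive -> plugin is not loaded.
    """
    if value is None:
        return None
    v = str(value).strip().lower()
    if v in ("yes", "true"):
        return 1
    if v in ("no", "false", ""):
        return None
    try:
        prio = int(v)
    except ValueError:
        return None
    return prio if prio > 0 else None


def order_plugins(sections, default_list=DEFAULT_PLUGIN_LIST):
    """Return plugin names in load order.

    sections: {plugin_name: load_value} as collected from the
              <ns>.plugins.<name>.load options.
    Rules: higher priority first; among equal priorities, plugins not in the
    default list come first, alphabetically, followed by plugins from the
    default list in their default order.
    """
    default_index = {name: i for i, name in enumerate(default_list)}
    loaded = []
    for name, value in sections.items():
        prio = parse_load(value)
        if prio is not None:
            loaded.append((name, prio))

    def key(item):
        name, prio = item
        if name in default_index:
            # default-list plugins: after the alphabetical group, by default order
            return (-prio, 1, default_index[name], "")
        # plugins unknown to the default list: alphabetically, ahead of the rest
        return (-prio, 0, 0, name)

    return [name for name, _ in sorted(loaded, key=key)]


# Constructed example: what a handful of strongswan.d/charon/*.conf files
# with `load = ...` lines would contribute.
EXAMPLE_SECTIONS = {
    "random": "yes",    # default list, priority 1
    "zzz": "no",        # explicitly disabled
    "openssl": "10",    # raised priority, as in openssl.conf above
    "aes": "yes",       # not in the constructed default list
    "sha1": "yes",      # not in the constructed default list
    "nonce": "1",       # default list, explicit priority 1
    "gcrypt": "0",      # non-positive: treated as not loaded (assumption)
}


def example_order():
    return order_plugins(EXAMPLE_SECTIONS)


if __name__ == "__main__":
    print(" ".join(example_order()))
```

Running it yields `openssl aes sha1 random nonce`: openssl leads because of `load = 10`; at priority 1 the plugins absent from the default list (aes, sha1) sort alphabetically ahead of the default-list plugins, which keep their default relative order (random before nonce).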
Tobias Brunner 8dc6e71632 lib: All settings use configured namespace 2014-02-12 14:34:32 +01:00
Martin Willi 7707357227 rdrand: Provide get_features() regardless of RDRAND availability
As having no get_features() raises a deprecated warning, we return no features
instead.
2014-02-10 11:22:16 +01:00
Martin Willi 144f1d7041 rdrand: Move RDRAND detection log to level 2
When having RDRAND support, these log messages might be confusing when using
pki or other tools.
2014-02-10 11:07:50 +01:00
Martin Willi 88fa7f62be pem: Use chunk_map() instead of non-portable mmap() 2014-01-23 15:55:33 +01:00
Tobias Brunner 72a92d4f7d curl: Replace spaces in URIs with %20
cURL requires the URIs to be URL-encoded. Apparently, some CAs encode CRL
URIs with spaces in them.

Fixes #454.
2014-01-23 10:19:30 +01:00
Tobias Brunner 54ca25800c agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket
This is also required if charon-cmd is used with capability dropping.
2014-01-23 10:08:23 +01:00
Andreas Steffen 84814a6b7c min_MGF_hash_calls parameter is not needed anymore 2013-12-07 23:54:53 +01:00
Andreas Steffen 5da659523e Optimized MGF1 implementation 2013-12-07 23:29:04 +01:00
Andreas Steffen abd4797dc1 Implemented ntru_trits class 2013-12-07 23:27:59 +01:00
Andreas Steffen a978a8194d Streamlined DRBG and MGF1 debug output 2013-12-07 00:21:28 +01:00
Andreas Steffen fdc6c682b2 Added own MGF1 mask generating function 2013-12-05 22:55:47 +01:00
Tobias Brunner d5a0abfa92 unit-tests: Export ntru_drbg_create as testable function so no linking is required
This way the plugin does not have to be linked explicitly to the test
runner, which otherwise would require that the plugin is either always
enabled to build the tests or that ifdefs are added to the Makefile.
2013-12-04 20:32:59 +01:00
Tobias Brunner a24eec4649 unit-tests: Move ntru_test_rng_t to a utility class in libtest 2013-12-04 20:32:59 +01:00
Tobias Brunner 3e8a44c2aa ntru: Fix compiler warning caused by ++/-- on righthand side of an assignment
The behavior of stuff like x = --x; (or x++) is not defined.
2013-12-04 20:32:59 +01:00
Andreas Steffen 7d5b9e81a4 Added DRBG automatic reseeding tests 2013-11-27 20:21:41 +01:00
Andreas Steffen 5443762491 Use strongSwan hash plugins for SHA-1 and SHA-256 2013-11-27 20:21:41 +01:00
Andreas Steffen a7047cda59 Cleaned up ntru-crypto library 2013-11-27 20:21:41 +01:00
Andreas Steffen 98c6421674 Implemented NIST SP 800-90A DRBG_HMAC with SHA-256 2013-11-27 20:21:41 +01:00
Andreas Steffen 9013973cc8 unit-tests: Added ntru wrong ciphertext test 2013-11-27 20:21:41 +01:00
Andreas Steffen 885e699b58 unit-tests: Added ntru entropy, retransmission and ciphertext tests 2013-11-27 20:21:41 +01:00
Andreas Steffen 802eaf3789 Any of the four NTRU parameter sets can be selected 2013-11-27 20:21:41 +01:00
Andreas Steffen 1f73969eb5 Make the NTRU parameter set configurable 2013-11-27 20:21:41 +01:00
Andreas Steffen 2c620cb089 unit-tests: first NTRU test case 2013-11-27 20:21:40 +01:00
Andreas Steffen 146ad86be5 Prototype implementation of IKE key exchange via NTRU encryption 2013-11-27 20:21:40 +01:00
Tobias Brunner 3bff80aee3 openssl: Verify that a peer's ECDH public value is a point on the elliptic curve
This check is mandated by RFC 6989.  Since we don't reuse DH secrets,
it is mostly a sanity check.
2013-11-19 15:00:28 +01:00
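The public-value validation that the commit above adds for OpenSSL is the kind of check every ECDH consumer needs: a peer's value that is not actually a point on the negotiated curve lets the peer steer the shared-secret computation onto a different (often weaker) group. The following is an added example, not strongSwan's or OpenSSL's code, showing the check for IKEv2 DH group 19 (NIST P-256). It assumes the RFC 5903 Key Exchange Data encoding (fixed-width x||y, 32 bytes each) and uses the standard P-256 domain parameters; the KE data bytes are constructed from the generator point for illustration.

```python
"""Point-on-curve validation of an IKEv2 KE payload for group 19 / P-256.

Added example; not strongSwan or OpenSSL code.
"""

# NIST P-256 domain parameters (public constants from FIPS 186-4 / SEC 2).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32  # bytes per coordinate for P-256 (RFC 5903 fixed-width encoding)


def is_on_curve(x, y):
    """True iff (x, y) is an affine point on y^2 = x^3 + ax + b over GF(p).

    Coordinates outside [0, p) are rejected rather than reduced: a peer
    sending x >= p is already malformed, and silently reducing would let two
    encodings map to one point.  P-256 has cofactor 1, so an affine point on
    the curve is automatically in the prime-order group; the point at
    infinity cannot be expressed in the x||y encoding at all.
    """
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def validate_ke_data(data):
    """Parse and validate the Key Exchange Data of a group-19 KE payload.

    Returns the (x, y) tuple when the value is a valid P-256 point,
    otherwise None (the caller should reject the IKE_SA_INIT exchange).
    """
    if len(data) != 2 * COORD_LEN:
        return None  # wrong length for P-256: not a valid fixed-width x||y
    x = int.from_bytes(data[:COORD_LEN], "big")
    y = int.from_bytes(data[COORD_LEN:], "big")
    if not is_on_curve(x, y):
        return None
    return (x, y)


def encode_point(x, y):
    """Fixed-width x||y encoding as carried in the KE payload (RFC 5903)."""
    return x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


# Constructed sample inputs: the generator as a well-formed public value,
# plus malformed variants an attacker or buggy peer might send.
GOOD_KE = encode_point(GX, GY)
OFF_CURVE_KE = encode_point(GX, GY + 1)          # y tweaked: not on P-256
OUT_OF_RANGE_KE = encode_point(P, GY)             # x == p: not a field element
TRUNCATED_KE = GOOD_KE[:-1]                       # 63 bytes: wrong length


if __name__ == "__main__":
    for label, ke in (("good", GOOD_KE), ("off-curve", OFF_CURVE_KE),
                      ("out-of-range", OUT_OF_RANGE_KE), ("truncated", TRUNCATED_KE)):
        print(label, "->", "accept" if validate_ke_data(ke) else "reject")
```

As the commit message notes, with fresh DH secrets per exchange the check is mostly a sanity check; where ephemeral values are reused it becomes essential, since an off-curve point can leak the private scalar one small-order group at a time.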
Andreas Steffen b63246c5db Implemented libstrongswan.plugins.random.strong_equals_true option 2013-11-16 00:11:40 +01:00
Tobias Brunner 8d2450d8b8 plugin-loader: Convenience function added to add plugin dirs in build tree 2013-11-06 10:31:07 +01:00
Tobias Brunner 71c9565a3a pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB
This allows more than one builder to try parsing the data read from STDIN.
2013-10-23 17:20:39 +02:00
Tobias Brunner 606aae3aa1 openssl: Add workaround if ECC Brainpool curves are not defined 2013-10-17 13:36:08 +02:00
Tobias Brunner 3c29d2822f openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSL
OpenSSL does not include them in releases before 1.0.2.
2013-10-17 13:36:08 +02:00
Tobias Brunner 0f6f7ba22c ccm: Add missing comma in get_iv_gen method signature 2013-10-11 17:42:25 +02:00
Tobias Brunner 50bd28d549 iv_gen: aead_t implementations provide an IV generator 2013-10-11 15:55:40 +02:00
Tobias Brunner 6ecf1aab35 unbound: Add support for DLV (DNSSEC Lookaside Validation)
Fixes #392.
2013-10-11 15:45:25 +02:00
Tobias Brunner b283a6e9ef database: Add support for serializable transactions 2013-10-11 15:29:10 +02:00
Tobias Brunner fad11d602d sqlite: Implement transaction handling 2013-10-11 15:16:05 +02:00
Tobias Brunner f3cb889c9b mysql: Implement transaction handling 2013-10-11 15:16:04 +02:00
Tobias Brunner 947b76cda8 database: Add interface to handle transactions 2013-10-11 15:16:04 +02:00
Tobias Brunner 5f6a40827e mysql: Ensure connections are properly released in multi-threaded environments 2013-10-11 15:16:04 +02:00
Tobias Brunner e2c9a03d15 Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required for IKEv2 anyway 2013-10-11 15:13:25 +02:00
Tobias Brunner c8f34ba7b6 openssl: Properly log FIPS mode when enabled via openssl.conf
Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf
it should be disabled in strongswan.conf (or the other way around).

Either way, we should log whether FIPS mode is enabled or not.

References #412.
2013-09-27 09:24:03 +02:00
Tobias Brunner 075e80368b sshkey: Add support for parsing keys from files 2013-09-13 15:23:49 +02:00
Tobias Brunner b2a5317596 sshkey: Add encoding for ECDSA keys 2013-09-13 15:23:49 +02:00
Tobias Brunner d6b3cc87ca openssl: Add support for generic encoding of EC public keys 2013-09-13 15:23:49 +02:00
Tobias Brunner f40e9f4d16 sshkey: Add encoder for RSA keys 2013-09-13 15:23:49 +02:00
Tobias Brunner 3b939e20a9 openssl: Add generic RSA public key encoding 2013-09-13 15:23:49 +02:00
Tobias Brunner b5cc7053c8 openssl: Add helper function to convert BIGNUMs to chunks 2013-09-13 15:23:49 +02:00
Martin Willi 83a0b74da8 keychain: be less verbose when loading certificates 2013-07-31 11:41:16 +02:00
Tobias Brunner 8f1b44b40c keychain: Use AM_CPPFLAGS instead of INCLUDES 2013-07-19 09:01:39 +02:00
Martin Willi 4d7a762871 credmgr: introduce a hook function to catch trust chain validation errors 2013-07-18 16:00:30 +02:00