Andreas Steffen
47eb87d437
corrected interface definition
2009-07-31 08:57:55 +02:00
Andreas Steffen
3f720dc7c3
update usetime only if usebytes increase
2009-07-30 23:19:42 +02:00
Andreas Steffen
2ad51539f6
display transmitted bytes per SA
2009-07-30 21:33:19 +02:00
Tobias Brunner
eab05274f4
Handling of unsupported policy directions (FWD) fixed.
2009-07-30 14:06:26 +02:00
Tobias Brunner
e20bd8b6ea
Enabling NAT-T on Mac OS X using the private SADB_X_EXT_NATT flag and sadb_sa_2 struct.
2009-07-30 14:06:26 +02:00
Tobias Brunner
789ba17024
Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.
2009-07-30 14:06:26 +02:00
Tobias Brunner
b2117eee20
Make accept(2) and recvfrom(2) cancellation points on Mac OS X.
2009-07-30 14:06:26 +02:00
Andreas Steffen
ecff28c5c5
fixe KW_END_FIRST..KW_END_LAST keyword range
2009-07-28 15:44:24 +02:00
Andreas Steffen
acb34739e4
improved DPD error message
2009-07-22 22:30:21 +02:00
Andreas Steffen
e1089f5906
added file and segment lengths to checksum.c
2009-07-21 22:23:51 +02:00
Andreas Steffen
8ce8e19068
version bump to 4.3.4
2009-07-21 22:21:52 +02:00
Martin Willi
fcac8f6571
filter objects for segment checksumming by dlpi_name, excludes rare false positives
2009-07-21 15:10:24 +02:00
Martin Willi
7655843ab5
enumerate executable sections only to build checksum
2009-07-21 15:00:18 +02:00
Martin Willi
acd4afc997
announce integrity testing only once
2009-07-21 14:58:14 +02:00
Tobias Brunner
9af7715c3d
Fixed installation of config files in out-of-tree builds.
2009-07-20 21:13:45 +02:00
Tobias Brunner
7cdf712d3e
Use the numerical UID/GID to install the config files and create the ipsec.d directories.
2009-07-20 21:03:05 +02:00
Andreas Steffen
def1777eca
streamlined integrity test output some more
2009-07-18 11:23:27 +02:00
Andreas Steffen
1d941f12ad
advertise activated integrity tests
2009-07-18 00:37:35 +02:00
Andreas Steffen
2e4a94ec26
added strongswan-2.8.11 and strongswan-4.2.17 VIDs
2009-07-17 21:19:32 +02:00
Andreas Steffen
e3f3b004e2
fix test vector error output
2009-07-17 20:36:21 +02:00
Andreas Steffen
eab241fb56
stop strongswan if integrity check of libstrongswan or daemon fails
2009-07-17 20:33:19 +02:00
Andreas Steffen
6b04ba288d
streamlined debug output of integrity tests
2009-07-17 17:00:17 +02:00
Andreas Steffen
ca366aeea0
enforce strongSwan coding rules
2009-07-17 16:57:07 +02:00
Andreas Steffen
521aa00fb1
shortened cypto test output
2009-07-17 16:36:01 +02:00
Andreas Steffen
848133ff1c
accelerate lookup in non-concatenated pools
2009-07-17 13:58:29 +02:00
Andreas Steffen
7f522b5fd8
check for an existing lease over all assigned pools first
2009-07-17 11:48:35 +02:00
Andreas Steffen
07be083b7f
fixed problem with static leases over multiple pools
2009-07-16 21:53:46 +02:00
Tobias Brunner
375a91bb9b
Fixing distribution build (checksum.c is created on the user's system).
2009-07-16 16:53:43 +02:00
Martin Willi
e0964e2e26
fixed memleak in SQL config lookup
2009-07-16 15:59:56 +02:00
Martin Willi
88957f54f2
raise an alert() if the RADIUS server is not responding
2009-07-16 15:15:39 +02:00
Martin Willi
e85b83c737
added an alert() bus hook to raise critical system errors and notifications
2009-07-16 15:15:39 +02:00
Tobias Brunner
599d2bcea8
Revert "gperf under FreeBSD does not know the -m option."
...
This reverts commit 0ead254919
.
2009-07-16 15:15:09 +02:00
Tobias Brunner
233a132634
Removed an unnecessary include of a header that is not available on Mac OS X.
2009-07-15 22:42:22 +02:00
Andreas Steffen
225bb2b810
conversion from ECDSA_WITH_SHAxxx OIDs to signature schemes
2009-07-15 18:12:40 +02:00
Martin Willi
449e90e1af
updated debian package
2009-07-15 15:37:23 +02:00
Martin Willi
0a1d168752
updated Standards-Version to 3.8.2
2009-07-15 14:01:47 +02:00
Martin Willi
e04c5d9371
added ${misc:Depends} dependency, fixes debhelper-but-no-misc-depends lintian warning
2009-07-15 14:00:42 +02:00
Martin Willi
426e1c3d0f
added copyright information, fixes copyright-without-copyright-notice lintian warning
2009-07-15 13:59:25 +02:00
Martin Willi
74b14b4008
cast pointers to uintptr_t for alignement check
2009-07-15 10:39:45 +02:00
Tobias Brunner
0ead254919
gperf under FreeBSD does not know the -m option.
...
We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.
2009-07-14 12:09:22 +02:00
Tobias Brunner
fd0df7ec75
Corrected check for valid ASN1 types in rdn_enumerate.
...
Because of the range of u_char the comparison was always TRUE before.
2009-07-14 12:09:22 +02:00
Andreas Steffen
75682462fc
added SHA224_WITH_RSA and ECDSA_WITH_SHAxxx OIDs
2009-07-14 05:35:01 +02:00
Andreas Steffen
d44b03563a
double free caused strange side effects
2009-07-13 20:28:36 +02:00
Andreas Steffen
ecb32c75ce
report installation failure of inbound and/or outbound IPsec SA, separately
2009-07-13 15:13:12 +02:00
Andreas Steffen
5c49289e27
great, I got my comma back
2009-07-12 21:08:37 +02:00
Andreas Steffen
540d02f6c0
pluto supports AES_CCM and AES_GCM ESP algorithms
2009-07-12 00:05:42 +02:00
Andreas Steffen
c5ebd00517
put variable definitions up front
2009-07-12 00:05:42 +02:00
Andreas Steffen
ad92c1f6cd
cosmetics
2009-07-12 00:05:42 +02:00
Andreas Steffen
a3ee331b0c
added listener.h to charon_SOURCES
2009-07-12 00:05:41 +02:00
Martin Willi
69b8058925
use the configured NM connection id as configuration/IKE_SA name
2009-07-10 11:01:44 +02:00
Martin Willi
ce741aa649
fixed state check if establishing the CHILD_SA fails
2009-07-10 09:40:02 +02:00
Martin Willi
bad99d5aff
use the new updown()/rekey() hooks to track the state of NetworkManager connections
2009-07-10 09:37:27 +02:00
Andreas Steffen
356cdc2d72
update libfreeswan/pfkeyv2.h
2009-07-10 07:15:08 +02:00
Andreas Steffen
8e905c44c9
added AES_CTR, AES_CCM, and AES_GCM strings
2009-07-10 06:54:06 +02:00
Martin Willi
977ec0c316
implemented ike_down() bus hook
2009-07-09 15:25:16 +02:00
Martin Willi
fa1d3c6629
implemented ike_up() bus hook
2009-07-09 15:25:16 +02:00
Martin Willi
f5f37cc7fa
implemented child_down() bus hook
2009-07-09 15:25:16 +02:00
Martin Willi
f669f45333
implemented child_up() bus hook
2009-07-09 15:25:15 +02:00
Martin Willi
622b56a52e
implemented ike_rekey()/child_rekey() bus hooks
2009-07-09 15:25:15 +02:00
Martin Willi
7527f43c76
added new listener callbacks to track SAs
2009-07-09 15:25:15 +02:00
Martin Willi
a40cc76bc7
moved listener_t interface definition to a separate file
2009-07-09 15:25:14 +02:00
Andreas Steffen
9d9cb65c8e
enforced strongSwan coding rules
2009-07-09 15:02:51 +02:00
Martin Willi
3f67126226
added a RADIUS id_prefix option to prefix the IMSI
2009-07-09 11:19:41 +02:00
Martin Willi
01e43e3183
memxor does not access unaligned words anymore, but still uses words if possible
2009-07-08 17:19:49 +02:00
Martin Willi
751a65f9da
fixed doxygen section pgp
2009-07-08 10:29:12 +02:00
Martin Willi
d7b965e931
fixed two doxygen warnings
2009-07-08 10:28:54 +02:00
Martin Willi
efb4bb248f
remove obsolete child_cfg_t.equal_traffic_selectors() method
2009-07-07 14:38:55 +02:00
Martin Willi
20188fcad4
child_cfg matching code prefers a config containing the first proposed TS
2009-07-07 14:38:19 +02:00
Martin Willi
2d00984d73
added missing equals() method assignment for ID_ANY identities
2009-07-07 13:42:22 +02:00
Martin Willi
92a65c506a
use architecture specific Elf header
2009-07-06 16:36:01 +02:00
Martin Willi
0c31b9db84
centralized ID type specific method assignement in generic constructor
2009-07-06 13:15:29 +02:00
Martin Willi
bbf6a4c0ff
removed obsolete init_rdn()/get_next_rdn() functions
2009-07-06 13:15:29 +02:00
Martin Willi
8309798fae
reimplemented dnota() using RDN enumerator
2009-07-06 13:15:29 +02:00
Martin Willi
f48c3c72f4
added a chunk_printable() function (replaces sanitize_chunk)
2009-07-06 13:15:29 +02:00
Martin Willi
d692557298
replaced {same,match}_dn() by compare_dn(), using the RDN enumerator
2009-07-06 13:15:29 +02:00
Martin Willi
ed680e33c0
fixed memleak if RND parsing fails
2009-07-06 13:15:29 +02:00
Martin Willi
dca2eee92a
added unit test for identification_t.matches()
2009-07-06 13:15:29 +02:00
Martin Willi
05fe0a7d25
added unit test for identification_t.equals()
2009-07-06 13:15:29 +02:00
Martin Willi
01da687f78
contains_wildcard() for DNs uses RDN enumerator
2009-07-06 13:15:28 +02:00
Martin Willi
d35650115b
added unit test for identification_t.contains_wildcard()
2009-07-06 13:15:28 +02:00
Martin Willi
2147da40a5
simplified identification_t.clone() using memcpy
2009-07-06 13:15:28 +02:00
Martin Willi
6bdd79d86c
use an enumerator to parse RDNs, based on asn1_unwrap() function
2009-07-06 13:15:28 +02:00
Martin Willi
5dd492efff
make filter enumerator methods static
2009-07-06 13:15:28 +02:00
Martin Willi
596e0540a5
asn1_unwrap() function to parse ASN.1 objects with length/type
2009-07-06 13:15:28 +02:00
Andreas Steffen
eebecebead
make ecp_x_coordinate_only = yes the default
2009-07-06 11:47:38 +02:00
Andreas Steffen
21863d6361
ecp_x_coordinate only option allows ECP interoperability with MS Windows
2009-07-06 08:47:18 +02:00
Andreas Steffen
887ed734d0
support of OpenPGP V4 fingerprints
2009-07-04 09:26:37 +02:00
Andreas Steffen
876a6d737f
corrected comment
2009-07-04 09:26:36 +02:00
Martin Willi
6e61122727
listen for CHILD_SA state changes only until it has been installed
2009-07-03 16:16:00 +02:00
Andreas Steffen
7be566dc1f
updated copyright statement
2009-07-03 11:43:48 +02:00
Martin Willi
90855e965a
added additional sanity checks to asn1_length() parsing
2009-07-03 09:26:48 +02:00
Martin Willi
00fcc0f8f3
added -avoid-version to LDFLAGS, plugins are not versioned
2009-07-03 08:57:11 +02:00
Martin Willi
7afd9d6672
defer MOBIKE update if we have no route to the peer
2009-07-02 10:56:13 +02:00
Martin Willi
133623871d
do not abort notifying listeners if a listener unregisters
2009-07-02 09:38:12 +02:00
Martin Willi
2b7129f9b3
added mconsole exec patch based on 2.6.30
2009-07-01 13:53:46 +02:00
Martin Willi
fb64239cab
added mconsole exec patch based on 2.6.29
2009-07-01 13:52:54 +02:00
Martin Willi
4fd40cf6b0
signal tunnel breakage to NetworkManager
2009-06-30 17:47:42 +02:00
Martin Willi
7f9fab77f8
restarting dbus is insufficient, restart network-manager after installation
2009-06-30 17:03:53 +02:00
Martin Willi
a2f1bb238e
enforce correct RSA signature lenght in gcrypt
2009-06-30 12:10:30 +02:00
Andreas Steffen
2ba6a53414
added missing header files
2009-06-24 00:07:36 +02:00
Martin Willi
d860a9b924
handle --disable-pluto/charon with --enable-integrity-test
2009-06-22 16:37:28 +02:00
Martin Willi
f0f420229a
deinit() library if integrity check fails
2009-06-22 16:18:53 +02:00
Martin Willi
4f2c48cd3d
build and verify on disk file integrity of pluto and charon executables
2009-06-22 15:47:18 +02:00
Martin Willi
da2834a280
removed functions from faked symbol list, not needed anymore with RTLD_LAZY
2009-06-22 15:47:18 +02:00
Martin Willi
cfe508d911
indicate use if integrity testing at startup
2009-06-22 15:47:18 +02:00
Martin Willi
67a7bb02ef
moved checksum_builder/libchechsum to top srcdir to respect build order
2009-06-22 15:47:18 +02:00
Martin Willi
bef508755b
build integrity_checker.c only if --enable-integrity-test set
2009-06-22 15:47:17 +02:00
Martin Willi
6a8c8815fe
check on-disk and loaded segment integrity of libstrongswan
2009-06-22 15:47:17 +02:00
Martin Willi
d88bcee079
reduced verbosity of integrity checker
2009-06-22 15:47:17 +02:00
Martin Willi
e3b7be91e1
removed obsolete INTEGRITY_TEST and fips signer code
...
--enable-integrity-test now conditionally builds libchecksum
2009-06-22 15:47:17 +02:00
Martin Willi
f1f51395d5
build checksums for charon plugins
2009-06-22 15:47:17 +02:00
Martin Willi
a0fc89798a
library initialization fails if libstrongswan checksum is invalid
2009-06-22 15:47:17 +02:00
Martin Willi
70f59fab9b
checksum.c depends on all libraries
2009-06-22 15:47:17 +02:00
Martin Willi
12c68f1b3a
implemented a checksum_builder tool to build the checksum library
2009-06-22 15:47:17 +02:00
Martin Willi
0179d4684a
integrity checker accepts an option checksum library on construction
2009-06-22 15:47:17 +02:00
Martin Willi
059c479a2f
check integrity of libstrongswan
2009-06-22 15:47:17 +02:00
Martin Willi
960e0c1040
check integrity of plugins before loading
2009-06-22 15:47:17 +02:00
Martin Willi
20d4fc97cf
implemented an integrity checker class to build and check code integrity
2009-06-22 15:47:16 +02:00
Martin Willi
31b9c10800
removed unneeded newline
2009-06-22 15:35:18 +02:00
Andreas Steffen
71e725d325
use get_proposal_token() for algorithm selection
2009-06-20 12:09:36 +02:00
Andreas Steffen
c4963c92ac
version bump to 4.3.3
2009-06-19 17:00:34 +02:00
Andreas Steffen
c7f76958d7
authby=pubkey is now the default authentication
2009-06-19 10:41:38 +02:00
Martin Willi
1694e82c7c
fixed another 64bit compiler warning
2009-06-19 10:19:55 +02:00
Martin Willi
f53b7e00c2
reverted rule_count back to size_t, as it is passed as pointer (fixes 64bit issues)
2009-06-19 10:01:04 +02:00
Andreas Steffen
1ea31180a0
HASH_MD2 is not implemented yet in gcrypt
2009-06-18 10:03:05 +02:00
Andreas Steffen
3d7250d472
added test vector for NULL encryption
2009-06-18 09:59:24 +02:00
Andreas Steffen
c233bb932a
added test vector for NULL encryption
2009-06-18 09:42:05 +02:00
Andreas Steffen
21142d40d1
added md2 and md4 test vectors
2009-06-18 09:32:57 +02:00
Andreas Steffen
6561694796
added 2 des test vectors
2009-06-18 08:23:51 +02:00
Andreas Steffen
0e9ded6838
removed serpent and twofish plugins - use gcrypt instead
2009-06-18 07:27:40 +02:00
Andreas Steffen
8caf7711c9
fixed typo
2009-06-18 05:56:02 +02:00
Andreas Steffen
bfab805898
removed superfluous print argument
2009-06-17 22:54:57 +02:00
Andreas Steffen
e1101d5994
added 2 RC5 test vectors
2009-06-17 22:34:03 +02:00
Andreas Steffen
ed65740846
added 2 IDEA test vectors
2009-06-17 21:53:30 +02:00
Andreas Steffen
364786b69f
added 6 serpent test vectors
2009-06-17 21:37:26 +02:00
Andreas Steffen
142b7326a6
added 3 Twofish test vectors
2009-06-17 15:50:27 +02:00
Andreas Steffen
a36c082da6
added one CAST-128 test vector
2009-06-17 15:24:20 +02:00
Andreas Steffen
1db85f2cc7
corrected ASN.1 encoding of OID node
2009-06-17 15:08:03 +02:00
Andreas Steffen
46ec53098e
added Camellia encryption support to scepclient
2009-06-17 14:42:57 +02:00
Andreas Steffen
61bfc3acae
added 6 Camellia test vectors
2009-06-17 14:22:00 +02:00
Andreas Steffen
22511bbd34
added 6 Camellia test vectors
2009-06-17 14:21:34 +02:00
Martin Willi
80d3a187c5
double check that parsing a list consumes all bytes
2009-06-17 13:38:05 +02:00
Martin Willi
df2565a2d5
use signed lengths in parser and generator
2009-06-17 13:22:07 +02:00
Andreas Steffen
53095480af
conversion from CAMELLIA OIDs to encryption_algorithm
2009-06-17 13:12:48 +02:00
Andreas Steffen
7417d35ee0
fixed tabs
2009-06-17 13:08:19 +02:00
Andreas Steffen
688705eec2
added camellia-cbc OIDs
2009-06-17 13:07:07 +02:00
Andreas Steffen
942127a602
fixed 64 bit warning
2009-06-17 12:32:28 +02:00
Martin Willi
8ae89883e1
fixed copy/paste error in attribute type parsing
2009-06-17 11:42:53 +02:00
Andreas Steffen
c3fcdd9322
added 2 3DES-CBC and 3 AES-CBC test vectors
2009-06-17 00:08:44 +02:00
Andreas Steffen
280effc034
moved ike_alg descriptions to crypto.c
2009-06-16 18:06:16 +02:00
Martin Willi
fcb06fdbfa
use rwlock instead of a mutex in trap_manager, avoids possible deadlock
2009-06-16 17:27:25 +02:00
Martin Willi
4edda6e4a0
load trap_manager before plugins, allowing them to install traps
2009-06-16 17:27:24 +02:00
Martin Willi
04d6583e26
reset IKE_SA on bus after checkout/checkin of replacement SA
2009-06-16 17:27:24 +02:00
Martin Willi
140ea1fe5a
instanciate first registered kernel interface immediately
2009-06-16 17:27:24 +02:00
Andreas Steffen
b07ffa2490
reformatted crypto_test output
2009-06-16 14:58:49 +02:00
Martin Willi
62d6da67dd
support older gcrypt libraries not defining the CAMELLIA cipher
2009-06-16 14:23:32 +02:00
Martin Willi
24d7b25d21
fixed compiler warning
2009-06-16 14:21:55 +02:00
Martin Willi
26999f2511
increased verbosity of successful crypto tests
2009-06-16 09:54:28 +02:00
Martin Willi
72e174f966
removed one hierarchy level for crypto test options
2009-06-16 09:48:45 +02:00
Andreas Steffen
5fa879238b
initiator now checks for private key much earlier
2009-06-16 07:59:31 +02:00
Andreas Steffen
cd312fcc43
remove whitespace
2009-06-15 19:30:44 +02:00
Martin Willi
25ecb8dafa
gcrypt actually does not implement IDEA
2009-06-15 18:18:04 +02:00
Martin Willi
d32b14db5e
implemented gcrypt RSA encrypt/decrypt operations
2009-06-15 18:07:57 +02:00
Martin Willi
810ce1f336
added a gcrypt.quick_random option to generate weak testing keys faster
2009-06-15 18:06:16 +02:00
Martin Willi
f1f968d562
extended RSA tests by encrypt/decrypt operations
2009-06-15 18:05:34 +02:00
Martin Willi
04b348f61a
implemented IKEv1 specific SIGN_RSA_EMSA_PKCS1_NULL scheme in gcrypt
2009-06-15 14:47:39 +02:00
Martin Willi
3176e4421f
check if RSA key is large enough to sign a chunk of data
2009-06-15 13:49:30 +02:00
Martin Willi
e7227f0ba0
use save chunk advancing, check signature length
2009-06-15 13:37:52 +02:00
Andreas Steffen
ebde1a7ddd
consistent display of strongSwan version
2009-06-13 16:03:08 +02:00
Andreas Steffen
2b92fc9880
test_vectors.h is part of the distribution
2009-06-13 15:17:24 +02:00
Andreas Steffen
c71f212627
renamed OAKLEY_ECDSA_512 to OAKLEY_ECDSA_512
2009-06-13 15:16:49 +02:00
Andreas Steffen
8df811146d
fixed broken XAUTH authentication
2009-06-12 21:04:48 +02:00
Andreas Steffen
b34862b14e
not restricted to RSA public keys
2009-06-12 20:17:02 +02:00
Andreas Steffen
37c9f11f11
load_private_key() loads all kinds of keys
2009-06-12 20:09:00 +02:00
Andreas Steffen
3c5a2342b4
ASN.1 parsing of RSA public key not needed anymore
2009-06-12 20:06:39 +02:00
Andreas Steffen
11e6d28533
pluto supports ECDSA authentication
2009-06-12 19:59:49 +02:00
Martin Willi
b59e239335
added SHA2 HMAC signer test vectors
2009-06-12 11:09:09 +02:00
Martin Willi
0897ff21e7
removed crypto tests form unit tester, all gone to test-vector plugin
2009-06-12 10:44:01 +02:00
Martin Willi
095f971c10
added a FIPS_PRF test vector
2009-06-12 10:40:38 +02:00
Martin Willi
371a54c7a9
added support for stateful PRFs (such as the FIPS_PRF)
2009-06-12 10:39:47 +02:00
Martin Willi
c66cd00df4
removed pluto test vectors, --disable-self-test option
2009-06-11 20:27:32 +02:00
Martin Willi
701381ceb8
added SHA2 HMAC PRF test vectors
2009-06-11 20:26:01 +02:00
Martin Willi
d94d68e404
added SHA2 test vectors
2009-06-11 18:14:30 +02:00
Martin Willi
f02d144095
added SHA1 test vectors
2009-06-11 17:17:33 +02:00
Martin Willi
2df93f467b
added HMAC SHA1 test vectors
2009-06-11 17:05:56 +02:00
Martin Willi
764708b4e0
added HMAC MD5 test vectors
2009-06-11 16:44:20 +02:00
Martin Willi
c698da8cb4
added RNG test vectors
2009-06-11 15:56:00 +02:00
Martin Willi
e091d5100f
added MD5 test vectors
2009-06-11 15:56:00 +02:00
Martin Willi
54916d79d6
added AES-XCBC test vectors for signer/prf
2009-06-11 15:56:00 +02:00
Martin Willi
005163805d
added test vectors for AES128 CBC
2009-06-11 15:56:00 +02:00
Martin Willi
6f4f83e333
added blowfish test vectors from pluto
2009-06-11 15:56:00 +02:00
Martin Willi
81811a9d8b
added a plugin providing crypto test vectors
2009-06-11 15:55:59 +02:00
Martin Willi
28a0728b67
make use of the crypto_tester in the crypto_factory
...
libstrongswan.crypto.test.on_add to test algorithms during initialization
libstrongswan.crypto.test.on_create to test algorithms on each instantiation
2009-06-11 15:55:48 +02:00
Martin Willi
3e8891667b
implemented a crypto_tester class to test crypto algorithms
...
libstrongswan.crypto.test.required to require at least one test vector to use an algorithm
libstrongswan.crypto.test.rng_true to run RNG tests on RNG_TRUE quality
2009-06-11 15:54:44 +02:00
Martin Willi
6f299040fb
handling hashers and rngs as transform types (in private range)
2009-06-11 14:17:16 +02:00
Martin Willi
e51f607221
gcrypt blowfish supports 128 bit key size only
2009-06-11 14:13:17 +02:00
Martin Willi
a4caeac76e
moved publickey speed test to a standalone program
...
This reverts commit 08874d6ae2
.
2009-06-10 16:25:32 +02:00
Andreas Steffen
355bab380c
additional check in case of non-positive months
2009-06-10 15:33:39 +02:00
Andreas Steffen
dfa5fb0358
implemented IKEv1 RSA signing in openssl_rsa_private_key.c
2009-06-10 15:29:57 +02:00
Martin Willi
3e3de01b28
moved Diffie-Hellman speed test to a standalone program
...
This reverts commit 1e6050bfae
.
2009-06-10 14:58:58 +02:00
Andreas Steffen
29bbfc11ee
implemented IKEv1 signature verification in openssl_rsa_public_key.c
2009-06-10 13:43:51 +02:00
Andreas Steffen
c04bf43363
fixed typo in asn1.c
2009-06-10 12:00:26 +02:00
Andreas Steffen
95c00dfcf9
fixed DoS vulnerability in the parsing of ASN.1 time strings
2009-06-10 11:39:17 +02:00
Andreas Steffen
b29832c74f
fixed DoS vulnerability in the parsing of distinguished names
2009-06-09 22:03:33 +02:00
Martin Willi
260158e53e
properly shut down and unref nm mainloop, fixes crash at shutdown
2009-06-09 15:13:10 +02:00
Martin Willi
4d8ddefb78
remove stale pidfile if no such process found
2009-06-09 14:56:31 +02:00
Martin Willi
fd0b7903e6
fix inclusion of private_key_t in nm plugin
2009-06-09 14:03:48 +02:00
Andreas Steffen
2d870072fa
asn1_integer() ensures correct DER encoding of ASN1_INTEGER (two's complement)
2009-06-09 13:27:59 +02:00
Andreas Steffen
a038ef2bb1
renamed listing of IKEv1 authentication algorithms
2009-06-09 11:43:08 +02:00
Martin Willi
1e6050bfae
implemented a speed test for diffie-hellman
2009-06-09 11:27:35 +02:00
Martin Willi
08874d6ae2
implemented a speed test for public key algorithms
2009-06-09 11:27:34 +02:00
Martin Willi
3240cab978
gcrypt RSA public key implementation
2009-06-09 11:27:26 +02:00
Martin Willi
ff8d3ba355
gcrypt RSA private key implementation
2009-06-09 11:27:11 +02:00
Martin Willi
ccd1464586
use autoconf macro provided by libgcrypt
2009-06-09 11:18:57 +02:00
Martin Willi
1111088aa7
gcrypt mpi based Diffie-Hellman implementation
2009-06-09 11:18:57 +02:00
Martin Willi
a41d0932c2
gcrypt rng implementation
2009-06-09 11:18:57 +02:00
Martin Willi
8e97e32705
use abstract mutex_t for gcrypt locking callbacks
2009-06-09 11:18:56 +02:00
Martin Willi
80862c4637
gcrypt crypter implementation
2009-06-09 11:18:56 +02:00
Martin Willi
f908ff9f91
gcrypt hasher implementation
2009-06-09 11:18:56 +02:00
Martin Willi
513a1a2835
initialize gcrypt threadsave, currently for pthread only
2009-06-09 11:18:56 +02:00
Martin Willi
4977018c23
added skeleton for libgcrypt based crypto plugin
2009-06-09 11:18:56 +02:00
Martin Willi
86ab0bb65e
fixed crash in openssl private_key->get_public_key(), using encode/load workaround
2009-06-09 11:03:35 +02:00
Andreas Steffen
3d2745110e
more concise listing of ESP algorithms
2009-06-09 11:03:35 +02:00
Andreas Steffen
527960de0f
activated INTEGRITY_TEST option in pluto
2009-06-09 11:03:35 +02:00
Andreas Steffen
d615ffdcf3
implement gmp_rsa_private_key.decrypt()
2009-06-09 11:03:35 +02:00
Andreas Steffen
c50ff68d0c
implemented gmp_rsa_public_key.encrypt() method
2009-06-09 11:03:35 +02:00
Andreas Steffen
290b2359c2
some fixes in pkcs7.c
2009-06-09 11:03:35 +02:00
Andreas Steffen
23d7e76788
hooray, pluto and scepclient do not depend on libgmp anymore
2009-06-09 11:03:34 +02:00
Andreas Steffen
53df4793d4
pkcs7.c also uses signature_scheme_from_oid()
2009-06-09 11:03:34 +02:00
Andreas Steffen
f3e87f5935
created signature_scheme_from_oid() helper function
2009-06-09 11:03:34 +02:00
Andreas Steffen
9410aa262a
hardened OpenPGP parser
2009-06-09 11:03:34 +02:00
Andreas Steffen
123fdf700a
updated documentation on leftsendcert
2009-06-09 11:03:33 +02:00
Andreas Steffen
b6f19a6ab4
used rsa coeff field in OpenPGP secret key payload
2009-06-09 11:03:33 +02:00
Andreas Steffen
1bb4d7dd79
fixed OpenPGPv3 fingerprint computation
2009-06-09 11:03:33 +02:00
Andreas Steffen
d17a120598
fixed OpenPGP parsing
2009-06-09 11:03:33 +02:00
Andreas Steffen
ca062e48ee
moved PGP types to pgp/pgp.h
2009-06-09 11:03:33 +02:00
Andreas Steffen
8b799d55ce
pluto and scepclient use private and public key plugins of libstrongswan
2009-06-09 11:03:32 +02:00
Martin Willi
b00fbdb55a
updated medcli/medsrv plugins to use new auth_cfg API, fixes compilation
2009-06-05 14:15:39 +02:00
Martin Willi
ec0b9ac97c
added missing identification.h include
2009-06-04 13:49:51 +02:00
Martin Willi
2fdca5e3cb
apply is_anyaddr fix from socket also to socket-raw
2009-06-03 17:56:55 +02:00
Martin Willi
c4f59ccec0
fixed ENUM naming of XCBC prf
2009-06-02 14:41:53 +02:00
Martin Willi
9474a0d90c
added a charon.install_virtual_ip option to disable IP installation for testing
2009-06-02 13:45:29 +02:00
Andreas Steffen
14c408ee4a
_updown script fix for ALT Linux, courtesy of Michael Shigorin
2009-05-29 08:10:02 +02:00
Andreas Steffen
af1feed96a
NO_CREDENTIAL_FACTORY compile option not needed anymore
2009-05-28 15:44:22 +02:00
Andreas Steffen
e24aaddde0
hide credentials headers in credential_factory.h
2009-05-28 15:35:02 +02:00
Martin Willi
178bf4c5e9
register the already implemented AUTH_HMAC_SHA1_160 algorithm
2009-05-28 15:03:57 +02:00
Andreas Steffen
435e23e647
set parsed = TRUE before calling parse_certificate()
2009-05-27 09:52:53 +02:00
Andreas Steffen
e0daac5536
fixed typo
2009-05-27 08:46:13 +02:00
Andreas Steffen
ebb97511e6
dh_exponent_ansi_x9_42 is now a libstrongswan setting
2009-05-26 18:32:52 +02:00
Andreas Steffen
517895bd05
eliminated ipsec_policy.h
2009-05-26 17:19:26 +02:00