059c479a2f
check integrity of libstrongswan
2009-06-22 15:47:17 +02:00
960e0c1040
check integrity of plugins before loading
2009-06-22 15:47:17 +02:00
20d4fc97cf
implemented an integrity checker class to build and check code integrity
2009-06-22 15:47:16 +02:00
31b9c10800
removed unneeded newline
2009-06-22 15:35:18 +02:00
1ea31180a0
HASH_MD2 is not implemented yet in gcrypt
2009-06-18 10:03:05 +02:00
3d7250d472
added test vector for NULL encryption
2009-06-18 09:59:24 +02:00
c233bb932a
added test vector for NULL encryption
2009-06-18 09:42:05 +02:00
21142d40d1
added md2 and md4 test vectors
2009-06-18 09:32:57 +02:00
6561694796
added 2 des test vectors
2009-06-18 08:23:51 +02:00
0e9ded6838
removed serpent and twofish plugins - use gcrypt instead
2009-06-18 07:27:40 +02:00
bfab805898
removed superfluous print argument
2009-06-17 22:54:57 +02:00
e1101d5994
added 2 RC5 test vectors
2009-06-17 22:34:03 +02:00
ed65740846
added 2 IDEA test vectors
2009-06-17 21:53:30 +02:00
364786b69f
added 6 serpent test vectors
2009-06-17 21:37:26 +02:00
142b7326a6
added 3 Twofish test vectors
2009-06-17 15:50:27 +02:00
a36c082da6
added one CAST-128 test vector
2009-06-17 15:24:20 +02:00
1db85f2cc7
corrected ASN.1 encoding of OID node
2009-06-17 15:08:03 +02:00
61bfc3acae
added 6 Camellia test vectors
2009-06-17 14:22:00 +02:00
22511bbd34
added 6 Camellia test vectors
2009-06-17 14:21:34 +02:00
53095480af
conversion from CAMELLIA OIDs to encryption_algorithm
2009-06-17 13:12:48 +02:00
7417d35ee0
fixed tabs
2009-06-17 13:08:19 +02:00
688705eec2
added camellia-cbc OIDs
2009-06-17 13:07:07 +02:00
942127a602
fixed 64 bit warning
2009-06-17 12:32:28 +02:00
c3fcdd9322
added 2 3DES-CBC and 3 AES-CBC test vectors
2009-06-17 00:08:44 +02:00
b07ffa2490
reformatted crypto_test output
2009-06-16 14:58:49 +02:00
62d6da67dd
support older gcrypt libraries not defining the CAMELLIA cipher
2009-06-16 14:23:32 +02:00
24d7b25d21
fixed compiler warning
2009-06-16 14:21:55 +02:00
26999f2511
increased verbosity of successful crypto tests
2009-06-16 09:54:28 +02:00
72e174f966
removed one hierarchy level for crypto test options
2009-06-16 09:48:45 +02:00
cd312fcc43
remove whitespace
2009-06-15 19:30:44 +02:00
25ecb8dafa
gcrypt actually does not implement IDEA
2009-06-15 18:18:04 +02:00
d32b14db5e
implemented gcrypt RSA encrypt/decrypt operations
2009-06-15 18:07:57 +02:00
810ce1f336
added a gcrypt.quick_random option to generate weak testing keys faster
2009-06-15 18:06:16 +02:00
04b348f61a
implemented IKEv1 specific SIGN_RSA_EMSA_PKCS1_NULL scheme in gcrypt
2009-06-15 14:47:39 +02:00
3176e4421f
check if RSA key is large enough to sign a chunk of data
2009-06-15 13:49:30 +02:00
e7227f0ba0
use save chunk advancing, check signature length
2009-06-15 13:37:52 +02:00
2b92fc9880
test_vectors.h is part of the distribution
2009-06-13 15:17:24 +02:00
11e6d28533
pluto supports ECDSA authentication
2009-06-12 19:59:49 +02:00
b59e239335
added SHA2 HMAC signer test vectors
2009-06-12 11:09:09 +02:00
095f971c10
added a FIPS_PRF test vector
2009-06-12 10:40:38 +02:00
371a54c7a9
added support for stateful PRFs (such as the FIPS_PRF)
2009-06-12 10:39:47 +02:00
701381ceb8
added SHA2 HMAC PRF test vectors
2009-06-11 20:26:01 +02:00
d94d68e404
added SHA2 test vectors
2009-06-11 18:14:30 +02:00
f02d144095
added SHA1 test vectors
2009-06-11 17:17:33 +02:00
2df93f467b
added HMAC SHA1 test vectors
2009-06-11 17:05:56 +02:00
764708b4e0
added HMAC MD5 test vectors
2009-06-11 16:44:20 +02:00
c698da8cb4
added RNG test vectors
2009-06-11 15:56:00 +02:00
e091d5100f
added MD5 test vectors
2009-06-11 15:56:00 +02:00
54916d79d6
added AES-XCBC test vectors for signer/prf
2009-06-11 15:56:00 +02:00
005163805d
added test vectors for AES128 CBC
2009-06-11 15:56:00 +02:00
6f4f83e333
added blowfish test vectors from pluto
2009-06-11 15:56:00 +02:00
81811a9d8b
added a plugin providing crypto test vectors
2009-06-11 15:55:59 +02:00
28a0728b67
make use of the crypto_tester in the crypto_factory
...
libstrongswan.crypto.test.on_add to test algorithms during initialization
libstrongswan.crypto.test.on_create to test algorithms on each instantiation
2009-06-11 15:55:48 +02:00
3e8891667b
implemented a crypto_tester class to test crypto algorithms
...
libstrongswan.crypto.test.required to require at least one test vector to use an algorithm
libstrongswan.crypto.test.rng_true to run RNG tests on RNG_TRUE quality
2009-06-11 15:54:44 +02:00
6f299040fb
handling hashers and rngs as transform types (in private range)
2009-06-11 14:17:16 +02:00
e51f607221
gcrypt blowfish supports 128 bit key size only
2009-06-11 14:13:17 +02:00
355bab380c
additional check in case of non-positive months
2009-06-10 15:33:39 +02:00
dfa5fb0358
implemented IKEv1 RSA signing in openssl_rsa_private_key.c
2009-06-10 15:29:57 +02:00
29bbfc11ee
implemented IKEv1 signature verification in openssl_rsa_public_key.c
2009-06-10 13:43:51 +02:00
c04bf43363
fixed typo in asn1.c
2009-06-10 12:00:26 +02:00
95c00dfcf9
fixed DoS vulnerability in the parsing of ASN.1 time strings
2009-06-10 11:39:17 +02:00
b29832c74f
fixed DoS vulnerability in the parsing of distinguished names
2009-06-09 22:03:33 +02:00
2d870072fa
asn1_integer() ensures correct DER encoding of ASN1_INTEGER (two's complement)
2009-06-09 13:27:59 +02:00
3240cab978
gcrypt RSA public key implementation
2009-06-09 11:27:26 +02:00
ff8d3ba355
gcrypt RSA private key implementation
2009-06-09 11:27:11 +02:00
ccd1464586
use autoconf macro provided by libgcrypt
2009-06-09 11:18:57 +02:00
1111088aa7
gcrypt mpi based Diffie-Hellman implementation
2009-06-09 11:18:57 +02:00
a41d0932c2
gcrypt rng implementation
2009-06-09 11:18:57 +02:00
8e97e32705
use abstract mutex_t for gcrypt locking callbacks
2009-06-09 11:18:56 +02:00
80862c4637
gcrypt crypter implementation
2009-06-09 11:18:56 +02:00
f908ff9f91
gcrypt hasher implementation
2009-06-09 11:18:56 +02:00
513a1a2835
initialize gcrypt threadsave, currently for pthread only
2009-06-09 11:18:56 +02:00
4977018c23
added skeleton for libgcrypt based crypto plugin
2009-06-09 11:18:56 +02:00
86ab0bb65e
fixed crash in openssl private_key->get_public_key(), using encode/load workaround
2009-06-09 11:03:35 +02:00
d615ffdcf3
implement gmp_rsa_private_key.decrypt()
2009-06-09 11:03:35 +02:00
c50ff68d0c
implemented gmp_rsa_public_key.encrypt() method
2009-06-09 11:03:35 +02:00
f3e87f5935
created signature_scheme_from_oid() helper function
2009-06-09 11:03:34 +02:00
9410aa262a
hardened OpenPGP parser
2009-06-09 11:03:34 +02:00
b6f19a6ab4
used rsa coeff field in OpenPGP secret key payload
2009-06-09 11:03:33 +02:00
1bb4d7dd79
fixed OpenPGPv3 fingerprint computation
2009-06-09 11:03:33 +02:00
d17a120598
fixed OpenPGP parsing
2009-06-09 11:03:33 +02:00
ca062e48ee
moved PGP types to pgp/pgp.h
2009-06-09 11:03:33 +02:00
8b799d55ce
pluto and scepclient use private and public key plugins of libstrongswan
2009-06-09 11:03:32 +02:00
c4f59ccec0
fixed ENUM naming of XCBC prf
2009-06-02 14:41:53 +02:00
e24aaddde0
hide credentials headers in credential_factory.h
2009-05-28 15:35:02 +02:00
178bf4c5e9
register the already implemented AUTH_HMAC_SHA1_160 algorithm
2009-05-28 15:03:57 +02:00
435e23e647
set parsed = TRUE before calling parse_certificate()
2009-05-27 09:52:53 +02:00
ebb97511e6
dh_exponent_ansi_x9_42 is now a libstrongswan setting
2009-05-26 18:32:52 +02:00
517895bd05
eliminated ipsec_policy.h
2009-05-26 17:19:26 +02:00
80cbbfed36
make signer names consistent
2009-05-19 22:56:14 +02:00
4dc4c11efd
added des and default length cbc encryption algorithms
2009-05-19 15:45:01 +02:00
4491d66692
add _CBC to all encryption algorithms in CBC mode
2009-05-19 10:02:24 +02:00
5908478527
moved definition of proposal_token from proposal.c to proposal_keywords.h
2009-05-19 10:02:24 +02:00
24cd2ca6ee
moved very stroke specific x509 flag handling out of core library
2009-05-18 10:42:16 +02:00
5e3b318c69
didn't want to commit that
2009-05-15 22:47:36 +02:00
433cb51bb9
moved IKEv2 proposals and transforms to libstrongswan
2009-05-15 22:43:48 +02:00
dcf47581a8
shortened DH group names
2009-05-15 20:58:04 +02:00
deb73fee10
fixed fatal typo
2009-05-15 14:17:05 +02:00
9caceb6ed5
updated prf identifiers
2009-05-15 13:49:05 +02:00
b79ca7858b
updated integrity algorithm identifiers
2009-05-15 13:48:44 +02:00
5020a456c0
more intuitive leap year check
2009-05-15 09:36:55 +02:00
24bb9fdbf7
also support 192 bit keys for Twofish and Serpent
2009-05-15 01:48:56 +02:00
315fd57225
fixed copy-and-paste caption error
2009-05-15 01:40:27 +02:00
1bfb8007c2
got rid of libcrypto
2009-05-15 01:28:48 +02:00
b5fd65e95c
cleaned up pluto's crypto framework
2009-05-14 22:56:10 +02:00
9908e8785c
completed serpent plugin
2009-05-14 22:30:24 +02:00
12eece1b27
cosmetics
2009-05-14 22:25:38 +02:00
978c2df17a
completed twofish sources
2009-05-14 16:51:53 +02:00
4a85e33ccc
ported twofish as a plugin
2009-05-14 15:39:31 +02:00
13bb168485
fixed 32 bit overflow check
2009-05-14 15:39:31 +02:00
0a8ad227d4
renamed ENCR_TWOFISH and ENCR_SERPENT to ENCR_TWOFISH_CBC and ENCR_SERPENT_CBC, respectively
2009-05-14 13:55:56 +02:00
24400cf617
fixed setting of variable key length
2009-05-14 13:55:56 +02:00
7eea232f44
clone iv before blowfish en|decryption
2009-05-14 13:55:56 +02:00
910221c236
fixed indentation
2009-05-14 13:55:55 +02:00
30a896173b
compute ASN.1 to UTC time without time functions
2009-05-14 13:55:55 +02:00
3783980edb
changed TRUE/FALSE to 1/0
2009-05-14 13:55:55 +02:00
3bc613d01d
blowfish block size is 8 bytes
2009-05-14 13:55:55 +02:00
42dd330305
fixed caption
2009-05-14 13:55:55 +02:00
28ef27bfda
implemented blowfish as a plugin
2009-05-11 15:25:36 +02:00
7d86641d6f
corrected debug output of passphrase
2009-05-11 13:54:30 +02:00
d36ae9e305
started migration to encryption plugins
2009-05-09 00:04:28 +02:00
bf45d6dd3b
added a configure option to enable the Vstr string library even if register_printf_function is available
2009-04-24 05:32:17 +02:00
65ea37abcd
fixed timezone compensation when parsing ASN.1 dates
2009-05-08 15:23:50 +02:00
c42d1469e6
defined ENCR_TWOFISH and ENCR_SERPENT
2009-05-08 07:51:24 +02:00
e43b1e4a5b
inserted HASH_MD4 in increasing order
2009-05-07 23:19:19 +02:00
84f1164c77
some additional .gitignore's
2009-05-07 10:33:30 +02:00
e382d96f62
compiler warning fixed
2009-05-06 09:11:19 -04:00
a9f56adb59
more portable handling of the bool data type (Mac OS X has stdbool.h)
2009-05-06 09:11:13 -04:00
938b230fa7
renamed some conflicting function names
2009-05-06 09:11:07 -04:00
f52e9c1aa8
gethostbyname_r is not supported on Mac OS X (but gethostbyname uses thread-local buffers)
2009-05-06 09:11:03 -04:00
ebe01cae0f
use prfs for IKEv1 hmacs
2009-05-04 23:38:57 +02:00
78e6e0a33c
fixed typo
2009-05-04 23:08:29 +02:00
8c45f0f102
added support for AUTH_HMAC_SHA1_160
2009-05-04 23:01:40 +02:00
2c36ebb58e
moved hasher to the correct doxygen group
2009-05-04 16:10:13 +02:00
bc2e33ca96
pluto and scepclient use the random plugin from libstrongswan
2009-04-30 18:31:48 +00:00
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
d24a74c5b4
merging changes from portability branch back to trunk
...
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
466f11bfaf
added .gitignore files, ready for the switch
2009-04-30 07:42:30 +00:00
f67eebccc8
changed RNG_REAL to RNG_TRUE
2009-04-29 09:13:20 +00:00
e67197a7f9
pluto and scepclient use the curl and ldap fetcher plugins
2009-04-29 08:09:35 +00:00
be0a03be64
set default CFLAGS globally, including -Wno-format
2009-04-27 11:34:07 +00:00
da17b0169a
added return_true/false() dummy functions
2009-04-24 14:08:42 +00:00
090ba9453c
fixed compiler warnings on 64bit
2009-04-22 08:26:54 +00:00
4985ad6e4a
pluto and scepclient use the regular libstrongswan library
2009-04-21 12:26:04 +00:00
08b2d288a1
scepclient and pluto use asn1 from libstrongswan
2009-04-20 20:53:38 +00:00
d41071802d
support of the enum printf_hook
2009-04-20 09:32:59 +00:00
3eb5042e9c
migrated write_chunk() to chunk_write()
2009-04-20 06:58:00 +00:00
54c4de63c0
scepclient uses the optionsfrom parser from libstrongswan
2009-04-18 17:43:28 +00:00
a6e3ec1389
created pluto and scepclient now use libstrongswan-lite
2009-04-18 14:50:31 +00:00
a376e44577
pluto and scepclient now use chunk_t from libstrongswan
2009-04-17 16:41:26 +00:00
9b91b81870
ported most of the libstrongswan chunk_t macros to pluto
2009-04-17 16:11:33 +00:00
63176bbcb0
moved strcaseeq() macro from constants.h to utils.h
2009-04-17 09:52:49 +00:00
247e665a44
support of the ESP CAMELLIA-CBC cipher by charon
2009-04-17 09:15:15 +00:00
98e7317daa
fixed OID encoding
2009-04-17 08:28:53 +00:00
6319cd74ea
pluto uses the libstrongswan leak detective and a stripped-down version of library_t
2009-04-16 08:25:47 +00:00
cfa42285a4
asn1_build_known_oid() includes ASN1_OID tag and length
2009-04-16 08:18:22 +00:00
f3ec7ef7de
added missing curly brackets
2009-04-15 18:37:59 +00:00
0bd7ad6cff
added create_part_enumerator() to indentity, allows to enumerate RDNs etc.
2009-04-14 14:32:22 +00:00
c31687daa7
moved RDN OIDs to oid.txt, use asn1_get_known_oid() for lookup
2009-04-14 13:53:06 +00:00
56807f35b9
implemented asn1_get_known_oid(), mapping OID index to ASN1 OID
2009-04-14 13:50:23 +00:00
b63f4c75e2
added missing string.h include
2009-04-14 10:50:29 +00:00
a44bb9345f
merged multi-auth branch back into trunk
2009-04-14 10:34:24 +00:00
15e247922d
moved AUTH_HMAC_MD5_128 to IANA defined number
2009-04-02 13:53:20 +00:00
9bada09057
remove ambiguity by setting parentheses
2009-03-27 08:58:48 +00:00
5021380d35
fixed ASN.1 to time_t conversion on 32-bit system for dates after Jan 19 03:14:07 UTC 2038
2009-03-27 08:54:10 +00:00
e82c369519
implementation of contains_wildcards() for ID_DER_ASN1_DN identities
2009-03-26 13:25:46 +00:00
1490ff4d9b
updated Doxyfile
...
properly close all doxygen groups
fixed remaining doxygen warnings
2009-03-24 17:43:01 +00:00
4a6b84a934
reintegrated eap-radius branch into trunk
2009-03-24 10:24:58 +00:00
c3340cf8da
respect port in create_dns/create_from_string when passing %any
2009-03-19 09:16:03 +00:00
ce67ab162d
print IPv6 %any hosts as %any6
2009-03-19 09:04:20 +00:00
c5c969639c
fixed compiler warning
2009-03-19 08:54:39 +00:00
9717826f10
fallback to family specific %any(6) if kernel lookup fails
2009-03-16 14:23:36 +00:00
8065780f4a
the parameters field in an ASN.1 algorithmIdentifier is optional
2009-03-13 20:22:24 +00:00
6e7c0b1e44
fixing DES ECB decryption
2009-03-12 18:38:13 +00:00
d25ce3701e
printf hooks refactored to increase portability (i.e. support for platforms without glibc-compatible customizable printf - the Vstr string library is currently required on such platforms).
2009-03-12 18:07:32 +00:00
7b76702587
ECB mode added to the DES plugin
2009-02-19 14:29:25 +00:00
5fa7aed491
des ecb enum value changed, ignores set for md4 plugin
2009-02-19 13:46:08 +00:00
e7c336c6ab
added Id svn:keyword
2009-02-19 10:16:45 +00:00
1e0d1ae213
support of MD4 hash
2009-02-19 10:06:58 +00:00
b250665f58
adding enum elements for MD4 and DES (ECB)
2009-02-18 19:45:46 +00:00
b8fa437fb7
adding MD4 and DES (ECB) to openssl plugin
2009-02-18 19:41:33 +00:00
2d887e8e08
removed unused extract_last_token() and the required memrchr implementation
2009-02-18 09:45:54 +00:00
c59825fbfc
support of dynamic/128 and %any6
2009-02-05 22:13:48 +00:00
b59f154b09
proper initialization and disposal of keying material
2009-01-15 01:52:44 +00:00
48032aed00
add a compatible memrchr() function if the platform does not support it (e.g. old glibc). Patch courtesy to Thomas Jarosch
2009-01-09 01:19:45 +00:00
2241a29571
support for Padlock RNG
2008-12-18 16:21:05 +00:00
5045eeba7b
proper feature probing for padlock
2008-12-17 15:40:01 +00:00
f30150d3da
correct use of calloc in hashtable_t
2008-12-17 09:56:05 +00:00
abfde23ae9
added an additional frame to lock profiling backtraces
2008-12-15 09:13:43 +00:00
7a485e90bd
leak detective binds execution to a signle core, avoids corruption on SMP machines
2008-12-12 09:10:52 +00:00
d6dc0a21fb
incremental version of chunk_hash
2008-12-10 13:43:51 +00:00
d5d5bc0f16
using rwlock to parallel build credentials
2008-12-09 15:57:51 +00:00
5e5b2dc105
use thread-safe variant of gmtime
2008-12-09 15:00:30 +00:00
20fbc4277e
fixed hashtable->get_count() after doubling table size
2008-12-09 11:13:52 +00:00
aa5c5d3fde
removed debugging leftovers
2008-12-08 19:15:38 +00:00
df68b54f4e
basic x509 certificate generation
2008-12-08 15:29:36 +00:00
9eb85cffe1
whitelisted another pthread_setspecific implementation
2008-12-08 15:27:24 +00:00
d21b3549f7
accept NULL values in hashtable enumerator
2008-12-05 12:34:17 +00:00
19e0010f51
hashtable enumerator enumerates over both, key and values
2008-12-05 10:01:52 +00:00
ffa6450695
fixed off by one error
2008-12-04 16:33:39 +00:00
0442562516
leak whitelisting of OPENSSL_config()
2008-12-04 09:23:53 +00:00
9c674e7214
fixed refactoring error in openac
2008-12-04 04:34:49 +00:00
83c42156a2
add support for smartcards in charon by using the ENGINE API provided by OpenSSL, based on patches by Michael Roßberg.
2008-12-03 10:12:20 +00:00
c3bdc3cd7f
enable quoted tokens in the token enumerator
2008-12-03 10:03:59 +00:00
81736d7d24
added memstr and extract_token_str helper functions
2008-12-03 09:45:58 +00:00
0948edbbff
adding general purpose hash table
2008-12-03 09:32:16 +00:00
efd0fe21e4
ref_get()/ref_put() use atomic gcc operations if supported, thanks to Thomas Jarosch for the patch
2008-12-02 12:14:32 +00:00
f464d75070
added time.h include for struct tm
2008-12-02 08:46:15 +00:00
9413628b87
token enumerator missed the last token if it contains only a single char
2008-11-27 09:21:52 +00:00
e2cb07d713
inlined some short chunk functions, showed up in the profiler
2008-11-26 10:08:36 +00:00
4fd233a73e
memxor() tweaks, as it is heavily used in xcbc
2008-11-26 10:06:59 +00:00
6df2731e78
replacing the pthread_mutex in scheduler_t with the wrapped implementation.
...
added a method to condvar_t which allows to wait for an absolute timeout.
2008-11-25 19:30:02 +00:00
ed6146ffbe
performance optimization for the DOS protection.
...
* half-open SAs per peer are tracked in a hash table
* charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold
* chunk_hash function added
2008-11-25 13:16:05 +00:00
a20abb81e9
added a MODP_NULL Diffie Hellman group to avoid calculation overhead in load-testing
2008-11-22 16:14:55 +00:00
8f45ece098
expecting int sized length arguments to chunk_split, as vararg functions use integers
2008-11-21 08:11:24 +00:00
b8cbb6451c
ported some hard-to-merge cherries back to trunk :-/
...
shame, svn, shame: this was ways to complicated
we should consider a switch to git...
2008-11-12 15:09:24 +00:00
479f295049
fixed compiler warnings issued by:
...
gcc 4.3
curl.h gcc type-checking
glibc with enabled FORTIFY_SOURCE checking
2008-11-11 18:37:19 +00:00
ea625fabf9
merging kernel_klips plugin back into trunk
2008-11-11 09:22:00 +00:00
c198fc5548
whitelisting localtime_r
2008-11-10 16:44:27 +00:00
f821bfb2b3
fixed leak in host_create_from_string("%any")
2008-11-10 16:42:05 +00:00
c9ef4cee46
settings section enumeration
...
printf style key lookup
2008-11-07 15:08:53 +00:00
e2764b3937
use of host_create_any() for %any address
2008-11-07 05:15:19 +00:00
ebf0e20ae7
fixed leak
...
fixed build if !HAVE_BACKTRACE
2008-11-06 14:05:58 +00:00
e76078e877
use read-write locks in crypto factory for parallelization
2008-11-05 16:21:57 +00:00
27ed987ef7
wrapped all pthread_rwlock_t in profilable rwlock_t
2008-11-05 16:12:54 +00:00
c1be64eaff
wrapped rwlock with profiling support
2008-11-05 15:51:57 +00:00
0214012508
threshhold and ./configure option for lock profiler
2008-11-05 14:36:57 +00:00
f7237cf37a
separated backtrace functionality from leak_detective, used in
...
leak_detective
mutex profiling
signal handler
2008-11-05 13:58:19 +00:00
2abc66b977
proper cleanup of openssl locking code
2008-11-05 12:37:37 +00:00
a492eb2033
fixed iterator regression introduced in [4577]
2008-11-05 11:55:17 +00:00
3ac5a0db8c
replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant
2008-11-05 11:29:56 +00:00
2662806b2c
get rid of unused iterator hook functions
2008-11-05 08:37:09 +00:00
e13389a7f7
got rid of deprecated create_iterator_locked()
2008-11-05 08:32:38 +00:00
e10b0d0fc0
simple mutex profiler
2008-11-05 07:57:26 +00:00
61670ba284
support of %any address string
2008-11-05 04:53:45 +00:00
7c4fd176db
handle 0.0.0.0 string and af == AF_INET6
2008-11-05 00:41:46 +00:00
7854475f42
OpenSSL requires a signature length of exactly RSA_size()
2008-11-04 14:05:42 +00:00
d4f08fe324
removed superfluous get_other_public_value in diffie_hellman_t interface
2008-11-04 13:12:11 +00:00
ddd7e6c656
fixed bignum export if BN_num_bytes() != DH_size()
2008-11-04 13:05:00 +00:00
dcbea444ee
fixed memleak
2008-11-04 13:01:36 +00:00
7de6da0c88
added locking mechanism for multithreaded use of OpenSSL
2008-11-03 16:14:12 +00:00
ee66fa625e
removed accidently checked in debug code
2008-11-03 12:40:42 +00:00
d6dc9db5ef
reverted 4541, does not fix the problem
2008-11-03 09:44:20 +00:00
e301a69d6c
removed 0-byte truncation, fixes random Openssl RSA signature verification failures
2008-10-31 17:07:04 +00:00
a13862be61
fixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)
2008-10-31 17:05:40 +00:00
19aff61b19
reverted changeset 4529:
...
Camellia is 22 in IKEv1, but not-yet defined in IKEv2
in IKEv2, 22 is reserved for AES-XTS
2008-10-30 13:21:21 +00:00
fdaed5289a
added Camellia CBC to list of encryption algorithms
2008-10-30 03:31:36 +00:00
f65ba4e978
prf handles zero-length allocations graceful
2008-10-29 14:12:54 +00:00
f5ab7f5f57
refining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key
2008-10-28 01:59:01 +00:00
aeaa6a9b45
remove unused local DH_EXPONENT_ENTROPY definition
2008-10-27 00:02:22 +00:00
21a45f2f2d
use 512 bits of entropy for secret DH exponents
2008-10-26 23:53:52 +00:00
104c28d603
fixed perl oid generation
2008-10-16 15:38:48 +00:00
f868dc0ca2
condvar->wait() can handle recursive mutex
2008-10-16 11:29:42 +00:00
1adaa02bb2
merging kernel_pfkey plugin back from kernel-interface branch
2008-10-14 08:46:31 +00:00
d1cbe55127
implemented ipsec listalgs as a stroke command
2008-10-08 07:00:13 +00:00
af09048e35
get_subject() of a CERT_TRUSTED_PUBKEY object returns ID_PUBKEY_INFO_SHA1 hash consistent with the IKEv2 keyid philosophy
2008-10-08 03:35:52 +00:00
95fd1dedb3
Implemented BUILD_BLOB_ASN1_DER for the CERT_TRUSTED_PUBKEY subtype
2008-10-08 01:19:26 +00:00
0592212f23
fixed builder_cancel macro to return NULL on failed build
2008-10-06 13:08:49 +00:00
ceff3064fe
using signed return value for read()
2008-09-30 06:27:50 +00:00
cdaf57ec34
fixed DH value range testing
2008-09-17 09:02:30 +00:00
73f6886a50
checking mpz_export return value properly
...
fixes a potential DoS attack if a DH value of zero gets processed
2008-09-17 08:10:48 +00:00
b33c11b6c7
stroke parses and lists AC groups
2008-09-17 02:17:01 +00:00
07d7f9a402
time values in strongswan.conf can be optionally specified in days (d), hours (h), minutes (m), or seconds (s)
2008-09-04 16:19:46 +00:00
6af6f88a79
agent plugin optionally accepts a BUILD_PUBLIC_KEY to select a specific private key from the agent
2008-09-04 08:35:11 +00:00
21c9546321
libstrongswan agent plugin to use ssh-agent for RSA signatures
2008-09-02 11:04:26 +00:00
f7c17aa15c
refactored credential builder
...
allow enumeration of matching builders
try a second builder if the first one fails
builder clones resources internally on demand
caller frees added resources on failure and success
stricter handling of non-supported build parts
2008-09-02 11:00:13 +00:00
4da0116d78
OIDs used by strongSwan
2008-09-01 11:38:03 +00:00
e609b1cda2
capability API to allow plugin-controlled capability set
2008-08-28 16:27:48 +00:00
e577ad3985
creating default IKE proposals dynamically using algorithm enumeration API
2008-08-28 11:07:57 +00:00
f1b014b9a3
separated sha1_prf implementation from sha1_hasher
2008-08-28 10:57:24 +00:00
9482208633
crypto_factory algorithm enumeration API
...
implementation of "ipsec listalgs"
2008-08-28 09:24:42 +00:00
6c20579a43
mkdir_p: utility function to create a directory and all required parent directories
2008-08-28 07:47:55 +00:00
822901061b
ported parts of two-sim branch
...
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones
2008-08-22 10:44:51 +00:00
1caa265c61
a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM
2008-08-21 12:10:07 +00:00
dc6a2edd0d
corrected caption
2008-08-21 11:58:58 +00:00
2d6559b107
added sqlite busy handler: retries on locking conflicts
2008-08-21 09:25:06 +00:00
af165431d2
fixed libstrongswan integrity test
2008-08-19 18:51:30 +00:00
092a9b88ad
added options for virtual IP, UDP encapsulation, IPComp
...
proper handling of libstrongswan/glib TRUE/FALSE conflict
2008-07-31 14:32:11 +00:00
fc861b0b7e
added a driver type getter for database implementations
2008-07-21 11:13:06 +00:00
11e855179e
using token enumerator to parser plugin list
2008-07-02 08:19:43 +00:00
fca4d3ee03
implementation of a simple "token enumerator"
2008-07-02 08:09:07 +00:00
fe5d7c43be
whitelisting leaks of ENGINE_load_builtin_engines
2008-07-01 07:53:03 +00:00
7da767f773
sqlite plugin requires libsqlite3 => 3.3.1 to share connections
...
use recursive locking if libsqlite3 < 3.5.0
2008-06-30 11:06:18 +00:00
854a2e1760
fixed ifndef typo for MYSQL_DATA_TRUNCATED check
2008-06-26 07:31:52 +00:00
236083cb56
fixed plugin loader destruction
2008-06-25 14:53:49 +00:00
1b7d2e31a6
enabling support for hardware accelerators in OpenSSL
2008-06-25 12:39:32 +00:00
fae6e24dad
reintroducing MYSQL_DATA_TRUNCATED if supported on that mysql version
2008-06-24 14:30:14 +00:00
eec675bf8c
enumerating loaded plugins in "ipsec statusall"
2008-06-24 12:49:04 +00:00
0d12006def
support of ECDSA signatures for all certificate types
2008-06-22 17:41:07 +00:00
1345ebad0f
removed unused MYSQL_DATA_TRUNCATED check for compatibility with older mysql versions
2008-06-20 07:37:55 +00:00
eab63e8476
fixed matches() check for RFC822/FQDN without wildcards
2008-06-13 15:10:01 +00:00
1726ca1027
implemented identification_t.match() case insensitive for RFC822/FQDN
2008-06-12 14:17:37 +00:00
66860d3b8f
loading PEM encoded public keys
2008-06-11 14:10:02 +00:00
d1ebd5de22
reduced default debug hook verbosity
2008-06-11 14:09:46 +00:00
e484f7f3dd
fixed resolving numerical IPv6 addresses in host_create_from_dns()
2008-06-11 07:44:23 +00:00
d35effa89b
fixed resolving numerical addresses in host_create_from_dns()
2008-06-11 07:31:24 +00:00
a57e0580f6
refactoring
2008-06-10 09:19:18 +00:00
ea0823dffd
ECDSA with OpenSSL
2008-06-10 09:08:27 +00:00
2904403e96
parsing of subjectPublicKeyInfo of x509 certificates extracted
2008-06-10 09:00:42 +00:00
80205e2fbc
oids for elliptic curves
2008-06-10 07:37:32 +00:00
468d45e68b
making the parsing of parameters of a subjectAlgorithmIdentifier optional
2008-06-10 07:36:44 +00:00
208b3baf10
fixed "enabled" value key word
...
more debugging for settings parser
2008-06-10 07:14:34 +00:00
5a22a02156
DNS resolving of ike_cfg hosts dynamically on demand
2008-06-06 15:05:54 +00:00
915e04b2dd
extended leak detective white list for OpenSSL
2008-06-06 08:13:11 +00:00
e581a31d6a
link against openssl crypto library only
2008-06-06 08:04:42 +00:00
0f7aecf402
fixed NULL string mysql parameter
2008-06-05 08:24:55 +00:00
9fa66e8bbf
removed unused variable
2008-06-03 12:14:02 +00:00
0caf2b936e
added missing comma in enumeration
2008-05-29 06:55:03 +00:00
7fe3ae88e4
handle default key sizes in openssl_crypter
2008-05-28 12:20:38 +00:00
ed26207d08
fixed copy-and-paste error
2008-05-23 19:23:04 +00:00
49b2395e3b
check if parsing of the RSA public key in an X.509 certificate was successful
2008-05-23 19:22:37 +00:00
731ac6bf52
check if crypter is available in pem_to_bin()
2008-05-23 19:18:08 +00:00
5e17e35c8d
fixed some compiler warnings
2008-05-23 15:49:43 +00:00
0672aa7b0e
added display of holderIssuer, holderSerial, and authorityKeyIdentifier
2008-05-23 14:24:24 +00:00
eaa1399812
fixed the strongswan.conf path
2008-05-22 21:59:30 +00:00
7199d22e77
implement basic listing of attribute certificates
2008-05-22 21:58:22 +00:00
17188f20dd
Id and typo
2008-05-22 12:13:10 +00:00
346e9c5712
added the ECP groups from RFC 5114
2008-05-22 11:55:05 +00:00
fc1a31d54b
added ECDH with OpenSSL (see RFC 4753)
2008-05-22 11:39:17 +00:00
58ac5e2ff4
fixed segmentation fault caused by malformed attribute certificates
2008-05-21 22:53:45 +00:00
4f23ec78d1
added more verbosity if signature hash OID is unknown
2008-05-21 13:01:58 +00:00
49aeafc502
removed debug statement
2008-05-20 16:23:58 +00:00
7f02156ebf
fixed whitespace eating in plugin loader
2008-05-20 15:03:15 +00:00
367cc86f4a
added missing break in case statement
2008-05-19 20:10:26 +00:00
081a14cd33
added an error message when strongswan.conf cannot be read
2008-05-19 13:20:33 +00:00
550690d23b
fixed the cleanup code when the credential factory fails to create a builder
2008-05-19 12:43:01 +00:00
0b0fba9e0d
fixed warning if plugin list has trailing whitespaces
2008-05-16 13:48:58 +00:00
3f730ec1cd
Added support for AES-CCM and AES-GCM (authenticated encryption algorithms) in charon.
2008-05-16 13:27:21 +00:00
1ba62b5562
loading default modules depending on configure options
2008-05-16 08:52:32 +00:00
a3d92a3745
plugin load configuration in strongswan.conf
...
some components accept a "component.load" option with a space separated list of plugins to load
libcharon- plugins are now handled the same way as libstrongswan- plugins
2008-05-15 14:01:26 +00:00
84770ded1e
RSA with OpenSSL
2008-05-15 12:41:06 +00:00
144274ab20
corrected deinitialisation of public key factory
2008-05-15 12:39:35 +00:00
c1571b34fd
generic public key factory moved
2008-05-15 12:33:00 +00:00
1d56d328fd
typo
2008-05-14 11:10:37 +00:00
c0d1ebde71
fixed printing of %#H hosts
2008-05-14 06:34:54 +00:00
f3884f6da6
reverted [3945], proper fix for zero value ASN1 integer
2008-05-13 14:15:12 +00:00
7af8995cde
fixed unsave calculation of mpz_export length
2008-05-13 13:52:45 +00:00
02ffd89642
decreased plugin load verbosity
2008-05-13 09:14:36 +00:00
5dc317192a
support for left bounded padding in %H and %D
2008-05-09 12:25:39 +00:00
e69f33f6e2
whitelisted gmtime_r
2008-05-09 12:24:11 +00:00
9f9903a3b3
supporting width modifier in identification_t printf hook (e.g. %30D)
...
cleanups in host_t %H printf hook
2008-05-09 11:34:58 +00:00
0f074a4344
implemented append mode for xcbc, testcase
2008-05-08 14:51:37 +00:00
affd7a90ba
moved RAW public key support to a separate plugin (pubkey)
2008-05-08 13:16:42 +00:00
240e727fde
renamed PRF_AES128_CBC to PRF_AES128_XCBC
2008-05-08 12:43:27 +00:00
25b12c696b
replaced --with-gid/uid by --with-group/user
...
using named users, groups
fixed capability dropping in pluto
2008-05-08 10:58:04 +00:00
f8277a8370
added configure check and support for sqlite3 libraries without sqlite3_prepare_v2
2008-05-07 14:41:13 +00:00
4ce78f9356
fixed 3DES encryption
2008-05-07 11:54:30 +00:00
86ab5636c2
support for @#hex ID_KEY_ID identification_t
2008-05-06 13:45:14 +00:00
c963c4bc15
fixed parsing of openssl format public keys
2008-05-06 12:56:36 +00:00
cc0cb93553
printf "width" support for hosts (e.g. %15H)
2008-05-05 08:31:43 +00:00
Martin Willi