Tobias Brunner
ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
Andreas Steffen
367e1e22b8
checksum needs a libradius_init() symbol
2012-04-05 16:52:37 +02:00
Andreas Steffen
e90e106117
version bump to 4.6.3rc1
2012-04-05 09:11:47 +02:00
Andreas Steffen
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
Andreas Steffen
5ff99529e6
ASN.1 two's complement encoding prevents overflow in CRL serial number
2012-04-04 11:29:12 +02:00
Tobias Brunner
bad192069f
Make AES-CMAC actually usable for IKEv2.
2012-04-04 10:51:46 +02:00
Martin Willi
89a5881c63
Added another bunch of commonly used IKEv1 NATT vendor IDs
2012-04-04 10:32:15 +02:00
Andreas Steffen
4670661d6d
represent 0 as a single byte
2012-04-03 14:19:37 +02:00
Andreas Steffen
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
Andreas Steffen
4e5b7e09ee
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:49:05 +02:00
Andreas Steffen
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
Andreas Steffen
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
Andreas Steffen
d1391b8fdb
fixed typo
2012-04-03 12:07:13 +02:00
Tobias Brunner
37d43ebbde
Doxygen fixes.
2012-04-03 10:56:47 +02:00
Tobias Brunner
d7590217c3
Added NEWS about cmac plugin.
2012-04-03 10:48:03 +02:00
Tobias Brunner
811e7490f6
Added test vectors for AES-CMAC.
2012-04-03 10:45:09 +02:00
Tobias Brunner
c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
Tobias Brunner
9a6b1cb412
Fixed GNU license header in hmac and xcbc plugins.
2012-04-03 10:33:59 +02:00
Martin Willi
4bc7577db2
More detailed NEWS about RADIUS extensions
2012-04-02 13:58:21 +02:00
Andreas Steffen
0293f09597
updated supported EAP methods
2012-03-30 11:15:10 +02:00
Tobias Brunner
ef511fc03d
Add support for dnQualifier in DNs.
2012-03-29 10:01:55 +02:00
Andreas Steffen
e464894e8b
remove leading zeros in ASN.1 encoded serial numbers
2012-03-27 15:05:36 +02:00
Tobias Brunner
a281494abd
Added NEWS about resolvconf support.
2012-03-27 10:44:21 +02:00
Tobias Brunner
ed2cab08d2
Make resolvconf interface prefix configurable.
2012-03-27 10:44:21 +02:00
Tobias Brunner
caae5a5c0f
Added support for the resolvconf framework in resolve plugin.
...
If /sbin/resolvconf is found, nameservers are not written directly to
/etc/resolv.conf but instead resolvconf is invoked.
2012-03-27 10:44:21 +02:00
Tobias Brunner
6e921f2017
Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value).
2012-03-27 10:37:56 +02:00
Tobias Brunner
817ab8a8d4
Don't cast second argument of mem_printf_hook (%b) to size_t.
...
Also treat the given number as unsigned int.
Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).
In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be cast
to (u_)int.
2012-03-27 09:10:34 +02:00
Tobias Brunner
adfd3b992f
smp: Use proper signed type to get return value of read(2).
2012-03-27 09:10:33 +02:00
Tobias Brunner
008e2df477
pluto: Use time_monotonic() instead of a custom implementation.
2012-03-27 09:10:33 +02:00
Tobias Brunner
8e066237a7
Don't include individual glib headers in nm plugin.
...
Exceptions are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and
glib/gstdio.h.
2012-03-26 15:23:17 +02:00
Martin Willi
3110744a6b
Fix null-terminated XAuth passwords, as sent by Android 4
2012-03-22 15:09:25 +01:00
Martin Willi
83d77866f4
Store authentication info of a XAUTH round on IKE_SA
2012-03-22 09:06:31 +01:00
Martin Willi
79f39ecf5d
Added a getter for CHILD_SA marks
2012-03-22 09:06:12 +01:00
Martin Willi
3de54af7ec
Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid
2012-03-22 09:05:56 +01:00
Andreas Steffen
80abe22f65
fixed parsing of IF-MAP SOAP responses
2012-03-21 14:25:19 +01:00
Martin Willi
4f3cf61dfd
Reply with received configuration payload identifier in Mode Config
2012-03-20 18:06:29 +01:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
d112a7e1fe
Properly handle retransmitted initial IKE messages.
...
This change allows us to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
Tobias Brunner
de9357bb44
Implemented table of init hashes without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
6f0cca20d8
Implemented table of connected peers without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
3489370458
Implemented table of half open IKE_SAs without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
e49bb4e3e3
Don't use linked_list_t for buckets in main IKE_SA hash table.
2012-03-20 17:31:41 +01:00
Tobias Brunner
894c52cba2
Fixed deadlock if checkin_and_destroy is called during shutdown.
2012-03-20 17:31:40 +01:00
Tobias Brunner
4b2f428f40
Do not clone hashes of initial IKE messages when storing them in the hash table.
2012-03-20 17:31:40 +01:00
Tobias Brunner
20e3d5ea00
Store IKEv2 IKE_SAs by local SPI in the IKE_SA manager hash table.
...
For IKEv1 the previous behavior of always using the initiator's SPI as
key is maintained.
2012-03-20 17:31:40 +01:00
Tobias Brunner
71cf97871f
Added separate hashtable for hashes of initial IKE messages.
...
This does not require us to do a lookup for an SA by SPI first.
2012-03-20 17:31:40 +01:00
Tobias Brunner
68611395dc
chunk_equals_ptr added to compare chunks given as pointers.
2012-03-20 17:31:40 +01:00
Tobias Brunner
1726795fa9
Store the major IKE version on ike_sa_id_t.
2012-03-20 17:31:40 +01:00
Tobias Brunner
8254e7ecb8
Implemented handling of UNITY_LOAD_BALANCE as reauthentication.
2012-03-20 17:31:40 +01:00
Martin Willi
a7d3b0e098
Check if we actually have a packet before retransmitting it
2012-03-20 17:31:40 +01:00