bca34c3717
Moved utils.[ch] to utils folder
2012-10-24 16:07:53 +02:00
f9625952ad
Moved settings_t to utils folder
2012-10-24 16:00:51 +02:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
d5c143e5be
Moved enum_name_t to utils folder
2012-10-24 16:00:50 +02:00
125b37af6d
Moved chunk_t to utils folder
2012-10-24 16:00:50 +02:00
05e448c5cc
Moved printf hooks to utils folder
2012-10-24 16:00:50 +02:00
08944b68ac
Moved integrity_checker_t to utils folder
2012-10-24 16:00:50 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
fdee6b5f5a
Moved packet_t and tun_device_t to networking folder
2012-10-24 15:06:18 +02:00
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
292d8f41c3
Resolve hosts by DNS name in separate threads so we can cancel them
...
getaddrinfo(3) may block a long time so proper termination of the daemon may
block if DNS servers are not reachable.
getaddrinfo(3) is an optional cancellation point in posix threads so it
might still block a shutdown but at least on Android (with the signal based
pthread_cancel implementation) it works, on Linux starter will kill charon
anyway after a while.
2012-10-18 10:57:55 +02:00
9564f9eb6e
Include all dev headers, even if they are configuration specific
2012-10-02 11:39:55 +02:00
60dc44648f
Added a condvar implementation that works with rwlock_t
2012-09-21 18:16:27 +02:00
8c2ec47149
Moved proposal_keywords to proposal_keywords_static
...
Added new proposal keywords with function to reference the static keywords.
2012-09-13 15:42:38 +02:00
17f806d8d0
fixed Makefile for libstrongswan dev headers
2012-08-14 10:21:28 +02:00
34400edc37
Added utility class to create TUN devices
...
Currently works only on Linux.
2012-08-08 15:41:03 +02:00
156f7e9b85
Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan
...
This avoids a dependency of libipsec to libhydra.
2012-08-08 15:41:02 +02:00
2dde79aca6
Added a simple blocking queue around linked_list_t
2012-08-08 15:41:02 +02:00
5764a9b355
Moved packet_t to libstrongswan
2012-08-08 15:41:02 +02:00
4c6c934635
With --enable-bfd-backtraces, use binutils libbfd to resolve backtraces
...
The invocation of addr2line to resolve backtrace source locations
is slow and cumbersome. When using libbfd directly, we can eliminate
the overhead of the process invocation. Even better, we can cache
library symbol names, bringing wicked fast lookups. As a neat bonus,
we can resolve static function names.
2012-07-13 13:23:29 +02:00
d4cf9cdf28
fixed libstrongswan/Makefile.am
2012-07-11 23:13:55 +02:00
b188f23199
Install dev headers only if --with-dev-headers= option is set
2012-07-11 11:16:31 +02:00
7115448529
Install libstrongswan development headers
2012-07-11 09:57:07 +02:00
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
12fa85c664
Added wrapper for POSIX spin locks
2012-07-04 10:13:49 +02:00
c4a3c9672a
Make the hmac_t interface a generic interface for message authentication codes
2012-06-25 16:35:06 +02:00
57ff4be874
Simple wrappers for HMAC based prf_t and signer_t implementations added
2012-06-25 16:35:06 +02:00
07f0abd7ac
Updated PKCS#7 parser/generator in libstrongswan.
...
Added some functionality from pluto's version, updated usage of asn1
and crypto primitives. It does compile but is not really tested yet.
2012-06-11 17:09:19 +02:00
04024b5de8
Add nonce plugin implementation
...
This nonce generator uses an RNG to generate nonces. The RNG quality is
currently set to RNG_WEAK which is the same value used in IKE init.
The plugin is enabled and thus built by default.
2012-05-18 08:15:40 +02:00
e2fc09c186
Add nonce generator interface
...
Nonce generators (nonce_gen_t) can be used to get or allocate nonces.
Users can request nonce generators from the crypto factory while nonce
plugins register/remove themselves to/from the crypto factory.
2012-05-18 08:15:40 +02:00
8f6c13271c
Added a wrapper class around POSIX semaphores.
2012-05-02 14:45:37 +02:00
c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
5ec525c1d1
Added PKCS#8 stub plugin.
2012-02-01 18:27:45 +01:00
62b9e2f938
Added support for plugin features
2011-10-14 10:05:44 +02:00
e3edd7e75e
Add enum names for database drivers
2011-10-14 10:04:45 +02:00
629fd2f4f6
Finally removed deprecated iterator_t.
2011-07-06 09:43:46 +02:00
60d62b9e5c
Don't install the libraries directly in lib/.
...
Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the
plugins from libexec to a subdirectory of that dir.
2011-07-05 14:42:14 +02:00
7c4d4d209d
make IMC/IMV pairs independent of libcharon
2011-06-01 16:33:44 +02:00
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
2959ea6f84
Added job priority enum names
2011-05-16 15:24:13 +02:00
13eda8e903
Added a new FETCH_CALLBACK option to fetch data without allocation
2011-04-04 08:48:27 +02:00
2ca52c8048
Implemented an alternative HTTP fetcher based on libsoup
2011-01-17 18:20:06 +01:00
01d3038137
Added plugin stub for advanced X509 constraint checking
2011-01-05 16:46:00 +01:00
e49bd37b5d
Remove x509_flag_names, flags do not work with ENUM()
2011-01-05 16:45:56 +01:00
71c87e3483
Added plugin stub for AF_ALG
2010-12-20 09:52:02 +01:00
e18556e9e9
Moved scheduler and thread pool to libstrongswan.
2010-09-02 19:04:18 +02:00
f13a03add0
Moved EAP type/code definitions to a seprate header file in libstrongswan
2010-08-31 15:35:29 +02:00
908e752201
Rebuild library.lo after changing ./configure options
2010-08-23 12:01:48 +02:00
1a64981048
Implemented a gcm plugin providing GCM mode based on CBC crypters
2010-08-19 19:05:15 +02:00
80a93a1335
Implemented a ccm plugin providing CCM mode based on CBC crypters
2010-08-19 19:05:14 +02:00
df8d0d8703
Implemented an AEAD wrapper for traditional crypter/signer transforms
2010-08-19 12:35:54 +02:00
272f0e1ae4
Added a counter mode wrapper plugin operating on existing CBC crypters
2010-08-13 19:39:59 +02:00
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
0749e91bec
Implemented a generic in-memory credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
6e862e2152
Added PKCS#11 token plugin stub
2010-08-04 09:26:18 +02:00
24d327ab4d
Moved keys/key_encoding.[ch] to cred_encoding.[ch]
2010-07-13 11:02:35 +02:00
1c8c924610
Moved addrblock plugin to libcharon
2010-07-13 10:26:07 +02:00
c2e5cee413
Moved CRL/OCSP checking to a dedicated plugin called revocation
2010-07-13 10:26:07 +02:00
5f9e62c54f
Moved X509 addrBlock validation to a separate addrblock plugin
2010-07-13 10:26:07 +02:00
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
567d3f1463
Attributes moved from libstrongswan to libhydra.
...
The attribute_manager_t instance is now located on the new hydra object
instead of the lib object.
2010-03-24 18:53:10 +01:00
75dc019252
Moving attr-sql plugin from libstrongswan to libhydra.
2010-03-24 18:53:09 +01:00
40f130dab3
Implemented the PRF_KEYED_SHA1 algorithm in the openssl plugin
2010-03-08 13:16:12 +01:00
0ace35282c
Build libstrongswan before building any plugins during the non-monolithic build (as it was before).
2010-03-05 11:05:32 +01:00
1be3298807
Adding Android.mk files to build charon and libstrongswan with the Android build system.
2010-03-03 10:18:46 +01:00
6ec60bb92b
Link all enabled libstrongswan plugins into the library, link all enabled charon plugins into libcharon.
2010-03-02 10:38:52 +01:00
4a5a5dd290
Using the thread wrapper in charon, libstrongswan and their plugins.
2009-12-23 17:03:41 +01:00
070ac5b0b7
Check if libpthread is required or not.
2009-12-23 17:02:26 +01:00
5fe538504e
Moved implementation of condvar_t to mutex.c because it requires access to private_mutex_t.
2009-12-23 17:02:25 +01:00
eba64cef41
Separated the public interfaces of the threading primitives.
2009-12-23 17:01:53 +01:00
b1f35d0695
Threading primitives separated.
2009-12-23 17:01:30 +01:00
14f7091280
Moved mutex.c to a separate folder in order to cleanly wrap other threading primitives (and utils/mutex.h is now threading.h).
2009-12-23 17:00:58 +01:00
252f38f6f8
fixed distribution list
2009-12-21 22:28:08 +01:00
1125a0be81
moved traffic_selectors from charon to libstrongswan
2009-12-20 14:57:38 +01:00
247794827e
move SQL-based pool functionality to new attr-sql libstrongswan plugin
2009-10-13 17:02:29 +02:00
930443afff
moved attribute_manager to libstrongswan
2009-10-13 13:46:27 +02:00
fc12e3cd2e
pluto now uses x509 plugin for attribute certificate handling
2009-10-05 07:24:28 +02:00
4cb0e1bb76
Added basic support for PGP certificates (no trust relationships yet)
2009-09-15 08:23:48 +02:00
f03e0e9147
support of PKCS#10 certificate request parsing
2009-09-13 21:00:15 +02:00
356b2b2780
pass NULL to library_init() to load settings from default file
2009-09-10 18:52:42 +02:00
5b03a350fc
use NULL to load plugins from default plugin directory
2009-09-10 18:52:42 +02:00
3f310c0d1f
implemented a monotonic timestamping function, unaffected from system time changes
2009-08-31 15:03:35 +02:00
d9b24887a4
added a facility to hand out fingerprinting/key encoding to the pkcs1/pgp/... plugins
2009-08-26 11:23:51 +02:00
b457e08fca
moved PGP code to pluto and gpg plugin
2009-08-26 11:23:51 +02:00
5ef478aaee
implemented RFC3110 key builder in a plugin, added generic DNSKEY RR parsing
2009-08-26 11:23:51 +02:00
9493dd2ce0
implemented a pgp plugin providing PGP key parsing builders
2009-08-26 11:23:50 +02:00
1e0f69373a
implemented a pkcs1 plugin providing PKCS#1 key parsing builders
2009-08-26 11:23:50 +02:00
94463a33b4
removed obsolete PEM code in pluto/libstrongswan
2009-08-26 11:23:49 +02:00
160f4c225d
moved PEM parsing functionality to its own plugin
2009-08-26 11:23:48 +02:00
26965b4ef3
OpenSolaris needs libsocket and libnsl for socket().
2009-08-14 14:50:53 +02:00
3974b2fb07
FreeBSD's libc does not support backtrace(), but libexecinfo optionally replicates this function (and the other defined in execinfo.h).
2009-08-07 18:46:25 +02:00
599d2bcea8
Revert "gperf under FreeBSD does not know the -m option."
...
This reverts commit 0ead254919
2009-07-16 15:15:09 +02:00
0ead254919
gperf under FreeBSD does not know the -m option.
...
We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.
2009-07-14 12:09:22 +02:00
67a7bb02ef
moved checksum_builder/libchechsum to top srcdir to respect build order
2009-06-22 15:47:18 +02:00
bef508755b
build integrity_checker.c only if --enable-integrity-test set
2009-06-22 15:47:17 +02:00
e3b7be91e1
removed obsolete INTEGRITY_TEST and fips signer code
...
--enable-integrity-test now conditionally builds libchecksum
2009-06-22 15:47:17 +02:00
12c68f1b3a
implemented a checksum_builder tool to build the checksum library
2009-06-22 15:47:17 +02:00
20d4fc97cf
implemented an integrity checker class to build and check code integrity
2009-06-22 15:47:16 +02:00
0e9ded6838
removed serpent and twofish plugins - use gcrypt instead
2009-06-18 07:27:40 +02:00
81811a9d8b
added a plugin providing crypto test vectors
2009-06-11 15:55:59 +02:00
3e8891667b
implemented a crypto_tester class to test crypto algorithms
...
libstrongswan.crypto.test.required to require at least one test vector to use an algorithm
libstrongswan.crypto.test.rng_true to run RNG tests on RNG_TRUE quality
2009-06-11 15:54:44 +02:00
4977018c23
added skeleton for libgcrypt based crypto plugin
2009-06-09 11:18:56 +02:00
8b799d55ce
pluto and scepclient use private and public key plugins of libstrongswan
2009-06-09 11:03:32 +02:00
433cb51bb9
moved IKEv2 proposals and transforms to libstrongswan
2009-05-15 22:43:48 +02:00
d36ae9e305
started migration to encryption plugins
2009-05-09 00:04:28 +02:00
d24a74c5b4
merging changes from portability branch back to trunk
...
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
be0a03be64
set default CFLAGS globally, including -Wno-format
2009-04-27 11:34:07 +00:00
4985ad6e4a
pluto and scepclient use the regular libstrongswan library
2009-04-21 12:26:04 +00:00
08b2d288a1
scepclient and pluto use asn1 from libstrongswan
2009-04-20 20:53:38 +00:00
d41071802d
support of the enum printf_hook
2009-04-20 09:32:59 +00:00
54c4de63c0
scepclient uses the optionsfrom parser from libstrongswan
2009-04-18 17:43:28 +00:00
a6e3ec1389
created pluto and scepclient now use libstrongswan-lite
2009-04-18 14:50:31 +00:00
d25ce3701e
printf hooks refactored to increase portability (i.e. support for platforms without glibc-compatible customizable printf - the Vstr string library is currently required on such platforms).
2009-03-12 18:07:32 +00:00
1e0d1ae213
support of MD4 hash
2009-02-19 10:06:58 +00:00
2d887e8e08
removed unused extract_last_token() and the required memrchr implementation
2009-02-18 09:45:54 +00:00
48032aed00
add a compatible memrchr() function if the platform does not support it (e.g. old glibc). Patch courtesy to Thomas Jarosch
2009-01-09 01:19:45 +00:00
0948edbbff
adding general purpose hash table
2008-12-03 09:32:16 +00:00
0214012508
threshhold and ./configure option for lock profiler
2008-11-05 14:36:57 +00:00
f7237cf37a
separated backtrace functionality from leak_detective, used in
...
leak_detective
mutex profiling
signal handler
2008-11-05 13:58:19 +00:00
104c28d603
fixed perl oid generation
2008-10-16 15:38:48 +00:00
1adaa02bb2
merging kernel_pfkey plugin back from kernel-interface branch
2008-10-14 08:46:31 +00:00
21c9546321
libstrongswan agent plugin to use ssh-agent for RSA signatures
2008-09-02 11:04:26 +00:00
af165431d2
fixed libstrongswan integrity test
2008-08-19 18:51:30 +00:00
eaa1399812
fixed the strongswan.conf path
2008-05-22 21:59:30 +00:00
affd7a90ba
moved RAW public key support to a separate plugin (pubkey)
2008-05-08 13:16:42 +00:00
27d04e055d
implemented XCBC algorithms (signer, prf) for IKE on top of a crypter
...
supporting ike=...-aesxcbc-... in ipsec.conf
added AUTH_AES_XCBC_96 and PRF_AES128_CBC to default IKE proposal
AES XCBC testcase
2008-04-30 14:26:24 +00:00
17353034f3
added a wrapper plugin for OpenSSL crypters (AES, 3DES, Blowfish etc.)
2008-04-28 14:25:19 +00:00
d3d7e46b8c
refactoring of the ASN.1 parser
2008-04-26 09:24:14 +00:00
9213ad27c2
replaced freeswan ttodata by own chunk_{to|from}_{hex|base64} functions
2008-04-24 13:26:22 +00:00
36d62fac65
experimental Padlock plugin supportin SHA1 and AES-128 for VIA C7 Esther
2008-04-22 08:44:56 +00:00
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
a9184df36b
do not build leak_detective.o if not enabled
2008-04-04 11:38:16 +00:00
1aad8bdfad
makeshift fix of --enable-integrity-test option
2008-03-26 20:16:42 +00:00
7b88a983d8
caching of ocsp responses (experimental), no crl caching yet
2008-03-26 15:21:50 +00:00
26930a8c3e
certificate factory can load certs from file
2008-03-25 22:28:27 +00:00
3e6ee16478
defined *_create_from_file() constructors in libstrongswan/credentials/certificates
2008-03-25 10:12:45 +00:00
bdec2e4f52
refactored openac and its attribute certificate factory
2008-03-20 15:23:52 +00:00
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
e8bfe74289
extended and debugged PKCS#7 signedData support
2008-02-01 14:19:26 +00:00
5f854d7f95
added strneq(x,y,len) macro
2007-10-07 13:35:42 +00:00
d62a4526fd
moved enumerator from libappserv to libstrongswan
2007-10-04 08:21:53 +00:00
b4979ff724
removed some empty lines
2007-09-18 11:23:52 +00:00
15a9d460c0
peer_cfg now knows about group memberships
2007-09-13 15:33:17 +00:00
d8b45dcdd2
build fips_signer and fips_signature with USE_INTEGRITY_TEST condition only
2007-08-29 07:02:13 +00:00
55434a1ba5
started implementation of libstrongswan code integrity check
2007-08-29 00:37:10 +00:00
f880eb2dca
started support of X.509 attribute certificates
2007-04-12 17:49:33 +00:00
241d2ff3bc
support of ldap-based crl fetching
2007-04-06 09:44:06 +00:00
96567fc8a2
fixed compilation warnings and errors when not using curl
2007-03-13 14:52:18 +00:00
1bcb84605f
ocsp signer certificate and ocsp response signature can be verified
2007-03-08 23:29:04 +00:00
Tobias Brunner