]>
git.ipfire.org Git - people/ms/strongswan.git/log
Tobias Brunner [Fri, 17 Feb 2012 14:39:25 +0000 (15:39 +0100)]
Extracted some parts from Android.mk.in which can be used for NDK builds.
Tobias Brunner [Thu, 16 Feb 2012 17:41:10 +0000 (18:41 +0100)]
Use filter instead of findstring to check for enabled plugins in Android.mk.
findstring is not prefix-safe (i.e. android matches android-log). On
the other hand filter matches words separated by whitespace and if no
wildcard (%) is used the full word has to match.
Tobias Brunner [Thu, 16 Feb 2012 17:17:09 +0000 (18:17 +0100)]
Moved Android specific logger to separate plugin.
This is mainly because the other parts of the existing android plugin
can not be built in the NDK (access to keystore and system properties are
not part of the stable NDK libraries).
Tobias Brunner [Thu, 16 Feb 2012 16:13:37 +0000 (17:13 +0100)]
Link android plugin against liblog in the NDK.
Doesn't seem to hurt the build within the source tree.
Tobias Brunner [Mon, 13 Feb 2012 17:04:04 +0000 (18:04 +0100)]
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
Tobias Brunner [Fri, 10 Feb 2012 13:51:18 +0000 (14:51 +0100)]
Make path to Android OpenSSL headers configurable.
Tobias Brunner [Fri, 10 Feb 2012 13:16:54 +0000 (14:16 +0100)]
Don't require STRONGSWAN_CONF to be defined.
Tobias Brunner [Fri, 10 Feb 2012 13:11:19 +0000 (14:11 +0100)]
Don't require PLUGINDIR to be defined.
If it is not available, we just load monolithically built plugins.
Martin Willi [Wed, 8 Aug 2012 12:54:03 +0000 (14:54 +0200)]
Remove queued IKEv1 message before processing it
Avoids destruction or processing of a queued message in
recursive process_message() call.
Tobias Brunner [Thu, 2 Aug 2012 14:16:58 +0000 (16:16 +0200)]
Include src address in hash of initial message for Main Mode
If two initiators use the same SPI and also use the same SA proposal the
hash for the initial message would be exactly the same. For IKEv2 and
Aggressive Mode that's not a problem as these messages include random
data (Ni, KEi payloads).
Andreas Steffen [Tue, 7 Aug 2012 13:05:59 +0000 (15:05 +0200)]
implemented deletion of product_file database entries
Adrian-Ken Rueegsegger [Mon, 6 Aug 2012 09:12:25 +0000 (11:12 +0200)]
Add DH group 15 (MODP-3072) to IKE proposal
Martin Willi [Fri, 3 Aug 2012 13:25:17 +0000 (15:25 +0200)]
PEM loading soft-depends on MD5 only, as unencrypted files don't need MD5
Fixes #211.
Martin Willi [Fri, 3 Aug 2012 11:11:45 +0000 (13:11 +0200)]
Rebuild charon after running ./configure to reflect plugin changes
Martin Willi [Fri, 3 Aug 2012 11:07:19 +0000 (13:07 +0200)]
Block XAuth transaction on established IKE_SAs, but allow Mode Config
Tobias Brunner [Fri, 3 Aug 2012 09:23:17 +0000 (11:23 +0200)]
Implemented recursive mutex without thread-specific counter
Tobias Brunner [Fri, 3 Aug 2012 08:47:33 +0000 (10:47 +0200)]
Use a single thread-specific value for our custom rwlock_t implementation
The pthread implementation on Android currently only supports 64
different thread-specific values per process, which we hit easily when
every rwlock_t requires one.
Martin Willi [Fri, 3 Aug 2012 08:50:21 +0000 (10:50 +0200)]
Fix linking of addrblock plugin when building monolithic
Fixes #212.
Martin Willi [Thu, 2 Aug 2012 10:50:31 +0000 (12:50 +0200)]
Reject initial exchange messages early once IKE_SA is established
Martin Willi [Thu, 2 Aug 2012 10:23:59 +0000 (12:23 +0200)]
Add some more NEWS about 5.0.1
Martin Willi [Thu, 2 Aug 2012 10:06:51 +0000 (12:06 +0200)]
Move MODP_CUSTOM va_arg fetching out of loop
It seems problematic at least on PPC with gcc 4.3, fixes #208.
Andreas Steffen [Tue, 31 Jul 2012 15:25:07 +0000 (17:25 +0200)]
updated NEWS
Andreas Steffen [Tue, 31 Jul 2012 14:46:40 +0000 (16:46 +0200)]
libimcv requires nonce plugin
Martin Willi [Tue, 31 Jul 2012 11:41:59 +0000 (13:41 +0200)]
Lookup IKEv1 PSK even if the peer identity is not known
Andreas Steffen [Mon, 30 Jul 2012 21:19:25 +0000 (23:19 +0200)]
update state before handling status
Andreas Steffen [Mon, 30 Jul 2012 18:48:05 +0000 (20:48 +0200)]
implemented support if functional sub-components
Andreas Steffen [Mon, 30 Jul 2012 18:44:15 +0000 (20:44 +0200)]
extended and documented ipsec attest
Tobias Brunner [Fri, 27 Jul 2012 12:45:15 +0000 (14:45 +0200)]
Proper fallback if capability dropping is not available
Tobias Brunner [Fri, 27 Jul 2012 11:39:18 +0000 (13:39 +0200)]
The use of $< in Makefiles is not portable
It requires GNU make which is not what most people use on e.g. FreeBSD.
Fixes #205.
Tobias Brunner [Fri, 27 Jul 2012 09:36:59 +0000 (11:36 +0200)]
Include stdint.h for UINTxx_MAX defines
Fixes #205.
Andreas Steffen [Fri, 27 Jul 2012 09:47:09 +0000 (11:47 +0200)]
measure all kernel modules and optimize firefox and thunderbird measurements
Andreas Steffen [Fri, 27 Jul 2012 09:45:56 +0000 (11:45 +0200)]
with --relative --file do not insert absolute filenames into database
Martin Willi [Thu, 26 Jul 2012 13:45:49 +0000 (15:45 +0200)]
Don't include acquiring packet traffic selectors in IKEv1
As we only can negotiate a single TS in IKEv1, don't prepend the
triggering packet TS, as we do in IKEv2. Otherwise we don't establish
the TS of the configuration, but only that of the triggering packet.
Fixes #207.
Martin Willi [Thu, 26 Jul 2012 13:02:37 +0000 (15:02 +0200)]
Implement late peer config switching after XAuth authentication
If additional authentication constraints, such as group membership,
is not fulfilled by an XAuth backend, we search for another
peer configuration that fulfills all constraints, including those
from phase1.
Martin Willi [Thu, 26 Jul 2012 10:40:27 +0000 (12:40 +0200)]
Check if XAuth round complies to configured authentication round
Martin Willi [Thu, 26 Jul 2012 10:39:53 +0000 (12:39 +0200)]
Show which group would be required when failing in constraint check
Martin Willi [Thu, 26 Jul 2012 10:38:34 +0000 (12:38 +0200)]
Don't add ANY identity constraint to auth config, as XAuth rounds don't use one
Martin Willi [Thu, 26 Jul 2012 10:07:48 +0000 (12:07 +0200)]
Merge auth config items added from XAuth backends to IKE_SA
Martin Willi [Thu, 26 Jul 2012 09:49:46 +0000 (11:49 +0200)]
Add an ipsec.conf leftgroups2 parameter for the second authentication round
Andreas Steffen [Mon, 23 Jul 2012 20:19:20 +0000 (22:19 +0200)]
IMA SHA1 file measurement is not needed any more
Andreas Steffen [Mon, 23 Jul 2012 20:17:53 +0000 (22:17 +0200)]
fixed typo
Martin Willi [Mon, 23 Jul 2012 15:13:20 +0000 (17:13 +0200)]
Release leaking child config after uninstalling shunt policy
Andreas Steffen [Mon, 23 Jul 2012 11:04:28 +0000 (13:04 +0200)]
moved PA-TNC message logging to level 1
Andreas Steffen [Mon, 23 Jul 2012 10:51:37 +0000 (12:51 +0200)]
transport IMA file info via PTS Component Evidence Policy URI
Andreas Steffen [Sun, 22 Jul 2012 07:29:39 +0000 (09:29 +0200)]
ipsec attest now deletes file hashes
Andreas Steffen [Sat, 21 Jul 2012 14:43:24 +0000 (16:43 +0200)]
buffer PA-TNC attributes until Generate Attestation Evidence attribute is received
Andreas Steffen [Sat, 21 Jul 2012 13:58:08 +0000 (15:58 +0200)]
allow --rel as an abbreviation for --relative
Andreas Steffen [Sat, 21 Jul 2012 13:56:39 +0000 (15:56 +0200)]
moved all shadow PCR stuff to the pts_pcr class
Martin Willi [Fri, 20 Jul 2012 14:14:29 +0000 (16:14 +0200)]
Support Unity split-include/exclude options in attr plugin
Martin Willi [Thu, 19 Jul 2012 12:48:37 +0000 (14:48 +0200)]
Don't print hexdumps on loglevel 1 if hash verification fails
Andreas Steffen [Fri, 20 Jul 2012 12:57:28 +0000 (14:57 +0200)]
created a pts_pcr class for PCR computations
Andreas Steffen [Fri, 20 Jul 2012 12:04:16 +0000 (14:04 +0200)]
renamed build_database.sh to build-database.sh
Andreas Steffen [Thu, 19 Jul 2012 16:27:08 +0000 (18:27 +0200)]
why the hell do firefox, thunderbird and acroread their own Linux libraries?
Martin Willi [Thu, 19 Jul 2012 06:28:07 +0000 (08:28 +0200)]
Add a libstrongswan-dev debian package with development headers
Martin Willi [Thu, 19 Jul 2012 06:44:55 +0000 (08:44 +0200)]
Pass CC/CFLAGS to ./configure, not to make, adding -include config.h
Martin Willi [Tue, 3 Jul 2012 08:59:05 +0000 (10:59 +0200)]
Upgraded our Debian package to 5.0
Andreas Steffen [Thu, 19 Jul 2012 11:49:20 +0000 (13:49 +0200)]
added some multiply defined libraries
Andreas Steffen [Thu, 19 Jul 2012 11:48:32 +0000 (13:48 +0200)]
queries with relative filenames might return multiple results
Andreas Steffen [Wed, 18 Jul 2012 20:00:58 +0000 (22:00 +0200)]
updated build_database.sh
Andreas Steffen [Wed, 18 Jul 2012 20:00:35 +0000 (22:00 +0200)]
added index to files table
Andreas Steffen [Wed, 18 Jul 2012 11:55:08 +0000 (13:55 +0200)]
updated build_database.sh
Martin Willi [Wed, 18 Jul 2012 14:46:05 +0000 (16:46 +0200)]
Fix EAP-MSCHAPv2 master key derivation, broken with
87dd205b
Martin Willi [Wed, 18 Jul 2012 13:35:40 +0000 (15:35 +0200)]
Remove debugging leftovers
Martin Willi [Wed, 18 Jul 2012 10:28:16 +0000 (12:28 +0200)]
Add a SHA1 test vector forcing padding over block boundary
Andreas Steffen [Wed, 18 Jul 2012 09:33:39 +0000 (11:33 +0200)]
builds an Ubuntu 12.04 LTS measurement database
Andreas Steffen [Wed, 18 Jul 2012 09:32:24 +0000 (11:32 +0200)]
minor fixes in attest
Martin Willi [Tue, 17 Jul 2012 15:11:01 +0000 (17:11 +0200)]
Add a tool to burn hashers
Martin Willi [Tue, 17 Jul 2012 15:31:02 +0000 (17:31 +0200)]
Use centralized hasher names in pki utility
Martin Willi [Tue, 17 Jul 2012 15:30:47 +0000 (17:30 +0200)]
Use centralized hasher names in coupling plugin
Martin Willi [Tue, 17 Jul 2012 15:30:23 +0000 (17:30 +0200)]
Use centralized hasher names in openssl plugin
Martin Willi [Tue, 17 Jul 2012 13:35:02 +0000 (15:35 +0200)]
Add short names for hasher algorithms
Andreas Steffen [Tue, 17 Jul 2012 14:38:55 +0000 (16:38 +0200)]
various PTS fixes
Andreas Steffen [Tue, 17 Jul 2012 11:44:02 +0000 (13:44 +0200)]
parcel IMA file measurements into batches
Andreas Steffen [Tue, 17 Jul 2012 11:42:58 +0000 (13:42 +0200)]
register _check_file_measurement() method
Martin Willi [Tue, 17 Jul 2012 09:32:13 +0000 (11:32 +0200)]
Fix tls_prf bug introduced with
bc474883
Andreas Steffen [Tue, 17 Jul 2012 09:16:11 +0000 (11:16 +0200)]
check IMA file measurements against database reference
Martin Willi [Tue, 17 Jul 2012 08:58:53 +0000 (10:58 +0200)]
Support void return values in OpenSSL 0.9.8 HMAC functions
Andreas Steffen [Mon, 16 Jul 2012 20:54:38 +0000 (22:54 +0200)]
handled return values in tnc-pdp
Andreas Steffen [Mon, 16 Jul 2012 20:44:45 +0000 (22:44 +0200)]
fixed potential hasher problem in IMA template hash
Andreas Steffen [Mon, 16 Jul 2012 20:39:34 +0000 (22:39 +0200)]
fixed potential hasher problems
Andreas Steffen [Mon, 16 Jul 2012 16:08:49 +0000 (18:08 +0200)]
use a nonce for a PA-TNC message identifier
Andreas Steffen [Mon, 16 Jul 2012 15:14:27 +0000 (17:14 +0200)]
ipsec attest supports ima template hashes
Martin Willi [Tue, 10 Jul 2012 13:11:25 +0000 (15:11 +0200)]
Handle PRF failures in eap-aka-3gpp2
Martin Willi [Tue, 10 Jul 2012 12:51:17 +0000 (14:51 +0200)]
Refactored error handling in keymat_v1_t
Martin Willi [Tue, 10 Jul 2012 12:28:08 +0000 (14:28 +0200)]
Clean up error handling in keymat_v2_t
Martin Willi [Tue, 10 Jul 2012 12:24:46 +0000 (14:24 +0200)]
Cleaned up memory management and return values for encryption payload
Martin Willi [Tue, 10 Jul 2012 11:37:59 +0000 (13:37 +0200)]
Fix memory management in SIM/AKA crypto functions
Martin Willi [Tue, 10 Jul 2012 11:19:36 +0000 (13:19 +0200)]
Test reset() of hasher in crypto tester
Martin Willi [Tue, 10 Jul 2012 07:49:38 +0000 (09:49 +0200)]
Refactored error handling in crypto tester
Martin Willi [Tue, 10 Jul 2012 07:07:13 +0000 (09:07 +0200)]
Set a key before benching PRFs
Martin Willi [Tue, 10 Jul 2012 07:06:15 +0000 (09:06 +0200)]
Resetting OpenSSL HMAC with NULL key reuses existing key
Martin Willi [Tue, 10 Jul 2012 07:03:38 +0000 (09:03 +0200)]
Make sure HMAC_Init is called before HMAC_Update, fixes crash
Martin Willi [Mon, 9 Jul 2012 15:55:52 +0000 (17:55 +0200)]
Check and forward syscall errors in AF_ALG
Martin Willi [Mon, 9 Jul 2012 15:26:14 +0000 (17:26 +0200)]
Add a return value to hasher_t.reset()
Martin Willi [Mon, 9 Jul 2012 15:15:52 +0000 (17:15 +0200)]
Add a return value to hasher_t.allocate_hash()
Martin Willi [Mon, 9 Jul 2012 14:27:09 +0000 (16:27 +0200)]
Add a return value to keymat_v1_t.{get,update,confirm}_iv
Martin Willi [Mon, 9 Jul 2012 13:33:41 +0000 (15:33 +0200)]
Add a return value to hasher_t.get_hash()
Martin Willi [Fri, 6 Jul 2012 14:57:17 +0000 (16:57 +0200)]
Add a return value to crypter_t.set_key()
Martin Willi [Fri, 6 Jul 2012 14:11:15 +0000 (16:11 +0200)]
Add a return value to crypter_t.decrypt()
Martin Willi [Fri, 6 Jul 2012 13:54:03 +0000 (15:54 +0200)]
Add a return value to crypter_t.encrypt