16761 Commits

Author SHA1 Message Date
Andreas Steffen
11b4a87050 Version bump to 5.7.0rc1 5.7.0rc1 2018-09-16 09:30:18 +02:00
Andreas Steffen
9a4b47ef96 testing: Extended Botan scenarios 2018-09-16 09:30:18 +02:00
Tobias Brunner
d2a1834d01 NEWS: Added some news for 5.7.0 2018-09-12 18:41:53 +02:00
Tobias Brunner
bbe72f97f9 travis: Silence git checkout for Botan 2018-09-12 17:18:15 +02:00
Tobias Brunner
c46a94e0cc Merge branch 'botan-plugin'
Adds a wrapper plugin for the Botan crypto library.

Closes strongswan/strongswan#109.
2018-09-12 16:25:07 +02:00
Tobias Brunner
1bbb736edc travis: Use a fix revision for Botan and speed up subsequent builds via ccache 2018-09-12 16:25:00 +02:00
Tobias Brunner
24af02b00d travis: Use amalgamation build for Botan and build outside our source tree
This merges all source files into botan_all.cpp, which reduces the build
time by almost 50%. Building outside the strongSwan tree avoids analyzing
Botan with sonarqube.
2018-09-12 16:25:00 +02:00
Tobias Brunner
a80069e7bf gcrypt: Make generic DH constructor static 2018-09-12 16:25:00 +02:00
Tobias Brunner
e5d5277467 travis: Build botan plugin also in the tests that build everything 2018-09-12 16:25:00 +02:00
Tobias Brunner
9c6bcb21f0 travis: Only add the sonarcloud addon for that build 2018-09-12 16:25:00 +02:00
Andreas Steffen
72a6831e7c testing: Added botan/rw-cert scenario 2018-09-12 16:25:00 +02:00
Tobias Brunner
a5c682e87d testing: Enable Botan and the plugin
ldconfig is required, otherwise the library won't be found by
strongSwan in the same session.

Should later be changed to 2.8.0 or a newer stable release.
2018-09-12 16:25:00 +02:00
Tobias Brunner
b4062c4bb7 botan: Add support for X25519 2018-09-12 16:25:00 +02:00
Tobias Brunner
40b3bf6ba7 botan: Simplify DH/ECDH key derivation 2018-09-12 16:25:00 +02:00
Tobias Brunner
125222dca7 test-vectors: Add the actual test vector from RFC 8031 for x25519
The existing test vector is from RFC 8037.
2018-09-12 16:25:00 +02:00
Tobias Brunner
e5e500c07e ike-init: Fix leak if KE payload creation fails 2018-09-12 16:25:00 +02:00
Tobias Brunner
472efd3809 leak-detective: Add an option to ignore frees of unknown memory blocks
This also changes how unknown/corrupted memory is handled in the free()
and realloc() hooks in general.

Incorporates changes provided by Thomas Egerer who ran into a similar
issue.
2018-09-12 16:25:00 +02:00
Tobias Brunner
9ee23d5efa travis: Add Botan build
We build Botan directly from the master branch until 2.8.0 is released.
2018-09-12 16:25:00 +02:00
Tobias Brunner
c064a5288e leak-detective: Whitelist some Botan functions
Due to the mangled C++ function names it's tricky to be more specific.  The
"leaked" allocations are from a static hashtable containing EC groups.

There is another leak caused by the locking allocator singleton
(triggered by the first function that uses it, usually initialization of
a cipher, but could be a hasher in other test runners), but we can avoid
that with a Botan config option.
2018-09-12 16:25:00 +02:00
Tobias Brunner
304d4ca57a botan: Adhere to configured DH exponent length 2018-09-12 16:25:00 +02:00
Tobias Brunner
bd267c863f botan: Encode private keys as PKCS#8
Since we can now parse that encoding directly we can simplify the private
key export and stick to PKCS#8.
2018-09-12 16:25:00 +02:00
Tobias Brunner
607f10dca4 botan: Load public/private keys generically
Simplifies public key loading and this way unencrypted PKCS#8-encoded
keys can be loaded directly without pkcs8 plugin (code for encrypted
keys could probably later be added, if necessary).

It also simplifies the implementation of private_key_t::get_public_key()
a lot.
2018-09-12 16:25:00 +02:00
Tobias Brunner
72491b7843 botan: Encode curve OID and public key in EC private key
Without OID we can't generate an algorithmIdentifier when loading the
key again. And older versions of OpenSSL insist on a public key when
e.g. converting a key to PKCS#8.

Simply unwrapping the ECPrivateKey structure avoids log messages when
parsing other keys in the KEY_ANY case.
2018-09-12 16:25:00 +02:00
Tobias Brunner
ba7e74291e pkcs1: Accept EC private keys without public key but make sure of an OID 2018-09-12 16:25:00 +02:00
Tobias Brunner
de2a24310c botan: Fixes, code style changes plus some refactorings
Some changes rely on newly added FFI functions in Botan's master
branch.
2018-09-12 16:25:00 +02:00
René Korthaus
13f113f7a9 botan: Add MD5 support to Botan hasher
Support MD5 in the Botan plugin if supported by Botan.
MD5 is required for RADIUS and obviously EAP-MD5,
and also for non-PKCS#8 encoded, encrypted private keys.
2018-09-12 16:25:00 +02:00
René Korthaus
04ecaff6a9 unit-tests: Remove 768 bits RSA gen test
Botan only allows generating RSA keys >= 1,024 bits, which makes
the RSA test suite fail. It is questionable whether it makes
sense to test 768-bit RSA keys anymore. They are too weak
from today's perspective anyway.
2018-09-12 16:25:00 +02:00
René Korthaus
af26cc4d85 botan: Add Botan plugin to libstrongswan 2018-09-12 16:25:00 +02:00
Tobias Brunner
66c4735f99 dumm: Remove the Dynamic UML Mesh Modeler framework
This has been pretty much defunct for several years (requires a
specially patched UML-enabled guest kernel).
2018-09-12 15:53:55 +02:00
Tobias Brunner
948c42ab2e android: Properly set log file path 2018-09-12 11:44:57 +02:00
Tobias Brunner
bd61236b4a conf: Document new filelog configuration 2018-09-12 11:42:38 +02:00
Tobias Brunner
f6b4ba2a65 library: Return FALSE from library_init() if loaded settings are invalid
This way daemons won't start with config files that contain errors.
2018-09-11 18:30:18 +02:00
Tobias Brunner
71dca60c31 settings: Don't allow dots in section/key names anymore
This requires config changes if filelog is used with a path that
contains dots. This path must now be defined in the `path` setting of an
arbitrarily named subsection of `filelog`.  Without that change the
whole strongswan.conf file will fail to load, which some users might
not notice immediately.
2018-09-11 18:30:18 +02:00
Tobias Brunner
85afe81e1f ike-auth: Remove unnecessary case statement 2018-09-11 18:18:50 +02:00
Tobias Brunner
a0c302f878 vici: Remove unreachable code
If list is TRUE any type but VICI_LIST_END and VICI_LIST_ITEM (i.e.
including VICI_END) is already handled in the first block in this
function.
2018-09-11 18:18:50 +02:00
Tobias Brunner
954e75effa vici: Lease enumerator is always defined
mem_pool_t always returns an enumerator.
2018-09-11 18:18:50 +02:00
Tobias Brunner
55fb268b51 stroke: Lease enumerator is always defined
This function is only called for existing pools (under the protection of
a read lock).
2018-09-11 18:18:50 +02:00
Tobias Brunner
648709b392 smp: Remove unreachable initializer
Execution in this block will start with any of the case statements,
never with the initialization.
2018-09-11 18:18:49 +02:00
Tobias Brunner
23d756e4f0 eap-sim-pcsc: Fix leak in error case 2018-09-11 18:18:49 +02:00
Tobias Brunner
e2d8833f2b travis: Add sonarcloud build 2018-09-11 18:18:43 +02:00
Tobias Brunner
f5481496d6 travis: Automatically retry install steps
There occasionally are network issues when fetching from Ubuntu/PPA
repos.  Let's see if this is a possible fix.
2018-09-11 18:17:28 +02:00
Tobias Brunner
80e8845d36 swanctl: Allow passing a custom config file for each --load* command
Mainly for debugging, but could also be used to e.g. use a separate file
for connections and secrets.
2018-09-11 18:14:45 +02:00
Tobias Brunner
7257ba3b44 Merge branch 'ikev2-ppk'
Adds support for Postquantum Preshared Keys for IKEv2.

Fixes #2710.
2018-09-10 18:05:12 +02:00
Tobias Brunner
d1c5e6816d testing: Add some PPK scenarios 2018-09-10 18:04:23 +02:00
Tobias Brunner
755985867e swanctl: Report the use of a PPK in --list-sas
If we later decide the PPK_ID would be helpful, printing this on a
separate line would probably make sense.
2018-09-10 18:03:30 +02:00
Tobias Brunner
c4d2fdd915 vici: Return PPK state of an IKE_SA 2018-09-10 18:03:27 +02:00
Tobias Brunner
e4d85011e4 ikev2: Mark IKE_SAs that used PPK during authentication 2018-09-10 18:03:18 +02:00
Tobias Brunner
6627706786 eap-authenticator: Add support for authentication with PPK 2018-09-10 18:03:03 +02:00
Tobias Brunner
18f8249415 pubkey-authenticator: Add support for authentication with PPK 2018-09-10 18:03:03 +02:00
Tobias Brunner
46bdeaf359 psk-authenticator: Add support for authentication with PPK 2018-09-10 18:03:03 +02:00