11083 Commits

Author SHA1 Message Date
Tobias Brunner
62516a7465 testing: Increase base image size so there is space for test results on winnetou 2013-06-11 11:01:26 +02:00
Tobias Brunner
053ad34959 testing: Ignore errors when searching for imcv log entries in daemon.log 2013-06-10 18:52:32 +02:00
Tobias Brunner
5d52087b54 Added missing string for full-length HMAC-SHA512 signer 2013-06-10 11:48:18 +02:00
Tobias Brunner
cfae3a227d attr: Fix handling of invalid IPs listed after valid ones
Invalid IPs listed after a valid one resulted in an attribute
of the same type but with invalid data.
2013-06-05 17:26:24 +02:00
Martin Willi
169bf6745e attr: fix a compiler warning that family is used uninitialized (seen with -Os) 2013-06-05 15:20:37 +02:00
Martin Willi
bc1c92c9e9 Strictly memwipe_check() for magic only in the affected buffer
Passing back the buffer address we memwipe() is not ideal, as it could, in
theory, change the behavior of the compiler and not-optimize memwipe(). But
as checking a larger stack is very difficult for different architectures
and compilers, we do it nonetheless for now.
2013-06-05 15:02:18 +02:00
Tobias Brunner
c480b5f458 Allow memwipe() to be called with NULL argument 2013-05-27 18:41:16 +02:00
Michael Rossberg
e4d5e0114f kernel-netlink: add outer addresses to policy when using BEET mode 2013-05-24 15:09:47 +02:00
Michael Rossberg
5e4b1ad20a openssl: add support for IP addr blocks in X.509 certificates 2013-05-24 15:09:47 +02:00
Andreas Steffen
71d740cac6 Make plugins in standalone libimcv configurable 2013-05-24 12:56:21 +02:00
Volker Rümelin
f8298b9f98 host-resolver: don't try to resolve a plain v4 address to an IPv6 address
Suppress 'Address family for hostname not supported' errors if an IPv6
client connects in a mixed IPv4/IPv6 environment.
2013-05-16 11:03:37 +02:00
Martin Willi
21bade294b traffic-selector: inet_pton is successful only if it returns 1 2013-05-16 11:01:27 +02:00
Emanuil Hristov
2ce403438f updown: pass IKE_SA unique ID in PLUTO_UNIQUEID 2013-05-16 10:13:22 +02:00
Martin Willi
e8b2ce1e72 capabilities: leak-detective using dlsym() does not need CAP_SYS_NICE anymore 2013-05-15 17:20:47 +02:00
Martin Willi
b1bd63547b capabilities: initialize supplementary groups only when doing a setuid() 2013-05-15 17:20:47 +02:00
Martin Willi
2e9201f4ef af-alg: fix number of signers after adding untruncated HMAC-SHA-512 (1f2a34d6) 2013-05-15 17:20:36 +02:00
Martin Willi
965348cd7a Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILURE 2013-05-15 17:18:03 +02:00
Tobias Brunner
c6e1eda6d0 testing: Set terminal title when logging in via SSH
Since we always log in as root, use a simpler command prompt. And don't
store duplicate commands in the bash command history.
2013-05-15 10:35:48 +02:00
Tobias Brunner
bd538e8c4a openssl: Only warn about unavailable FIPS mode if the user requested it 2013-05-08 15:23:14 +02:00
Tobias Brunner
c1f1df4b40 Merge branch 'charon-cmd-pkcs12'
Adds support for PKCS#12 files in charon-cmd and ipsec.secrets.

Also fixes the cleanup of the OpenSSL library in the openssl plugin.
2013-05-08 15:19:38 +02:00
Tobias Brunner
6040eff900 stroke: Add second password if provided 2013-05-08 15:02:41 +02:00
Tobias Brunner
b7aa6b789e Load pkcs7 plugin in charon (and while we are at it in nm) 2013-05-08 15:02:41 +02:00
Tobias Brunner
1c080407b2 stroke: Fail silently if another builder calls PW callback after giving up
Also reduced the number of tries to 3.
2013-05-08 15:02:41 +02:00
Tobias Brunner
4a64c3e9a0 stroke: Cache passwords so the user is not prompted multiple times for the same password
To verify/decrypt a PKCS#12 container a password might be needed
multiple times.  If it was entered correctly we don't want to bother the
user again with another password prompt.
The passwords for MAC creation and encryption could be different so the
user might be prompted multiple times after all.
2013-05-08 15:02:41 +02:00
Tobias Brunner
e240b03e68 stroke: Fix prompt and error messages in passphrase callback 2013-05-08 15:02:41 +02:00
Tobias Brunner
7971278c92 stroke: Load credentials from PKCS#12 files (P12 token) 2013-05-08 15:02:41 +02:00
Tobias Brunner
904390e887 openssl: Cleanup thread specific error buffer 2013-05-08 15:02:40 +02:00
Tobias Brunner
3ee2af97bf openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0 2013-05-08 15:02:40 +02:00
Tobias Brunner
780900ab0e openssl: Add PKCS#12 parsing via OpenSSL 2013-05-08 15:02:40 +02:00
Tobias Brunner
651d5ab8e7 openssl: Properly cleanup OpenSSL library 2013-05-08 15:02:40 +02:00
Tobias Brunner
02116fdc2d charon-cmd: Add support for PKCS#12 files 2013-05-08 15:02:40 +02:00
Tobias Brunner
3bd498284e PEM plugin loads PKCS#12 containers from (DER-encoded) files
It is not actually able to handle PEM encoded PKCS#12 files produced
by OpenSSL.
2013-05-08 15:02:40 +02:00
Tobias Brunner
abc04e6b3f Remove pluto specific certificate types 2013-05-08 15:02:40 +02:00
Tobias Brunner
f77d6e16d2 charon-cmd: match_me/match_other are optional in callback credentials 2013-05-08 15:02:40 +02:00
Tobias Brunner
89d350f46a charon-cmd: Request password for private keys 2013-05-08 15:02:40 +02:00
Tobias Brunner
1f2a34d6d8 Add support for untruncated HMAC-SHA-512 2013-05-08 15:02:39 +02:00
Tobias Brunner
d8be7d38bf Also support 128-bit RC2 2013-05-08 15:02:39 +02:00
Tobias Brunner
feef637368 Add pkcs12 plugin which adds support for decoding PKCS#12 containers 2013-05-08 15:02:39 +02:00
Tobias Brunner
199fdcadae Function added to convert a hash algorithm to an HMAC integrity algorithm 2013-05-08 15:02:39 +02:00
Tobias Brunner
047fca1169 Support the PKCS#5/PKCS#12 encryption scheme used by OpenSSL for private keys 2013-05-08 15:02:39 +02:00
Tobias Brunner
0d0929fa0c Register PKCS#8 builder for KEY_ANY 2013-05-08 15:02:39 +02:00
Tobias Brunner
8e48e0009a Add support for PKCS#7/CMS encrypted-data 2013-05-08 15:02:39 +02:00
Tobias Brunner
d41e54c68d Move PKCS#12 key derivation to a separate file 2013-05-08 15:02:39 +02:00
Tobias Brunner
594d847f79 PKCS#5 wrapper can decrypt PKCS#12-like schemes 2013-05-08 15:02:38 +02:00
Tobias Brunner
cb38e2f30a Add test vectors for RC2 2013-05-08 15:02:38 +02:00
Tobias Brunner
162c06f2f5 Fix cleanup in crypto_tester if a crypter fails 2013-05-08 15:02:38 +02:00
Tobias Brunner
9d4fc8677f Add implementation of the RC2 block cipher (RFC 2268) 2013-05-08 15:02:34 +02:00
Tobias Brunner
c734c2d875 Extract function to convert ASN.1 INTEGER object to u_int64_t 2013-05-08 14:53:08 +02:00
Tobias Brunner
4076e3ee91 Extract PKCS#5 handling from pkcs8 plugin to separate helper class 2013-05-08 14:53:08 +02:00
Tobias Brunner
b715176ec4 Merge branch 'charon-cmd-agent'
Adds support for authentication via ssh-agent to charon-cmd (RSA and ECDSA keys
are currently supported).

The new sshkey plugin parses SSH public keys in RFC 4253 format.

SSH public keys can be configured with the left|rightsigkey ipsec.conf option,
which replaces left|rightrsasigkey and takes a public key in one of three
formats: SSH (RFC 4253, ssh: prefix), DNSKEY (RFC 3110, dns: prefix, not the
full RR, only the actual RSA key), or PKCS#1 (the default, no prefix).
As before, the keys are either encoded in hex (0x) or base64 (0s).
left|rightsigkey also accepts the path to a file containing a PEM or DER
encoded public key.
2013-05-08 14:35:05 +02:00