sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity
17,916 Commits 101 Branches 327 Tags
Commit Graph

17916 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tobias Brunner
f0a20dd2b8 backtrace: The BFD API changed in newer versions 2021-05-05 16:17:54 +02:00
Noel Kuntze
1de13f9037 openssl: Fix OpenSSL version check for EC_POINT_set_affine_coordinates 
Fixes: bd323ae6c832 ("openssl: Migrate from deprecated EC_POINT_[set|get]_affine_coordinates_GFp() functions")
Closes strongswan/strongswan#332
 2021-05-04 14:51:18 +02:00
Noel Kuntze
e9a55abce4 forecast: Restrict strncpy() call 
Closes strongswan/strongswan#331.
 2021-05-04 14:48:53 +02:00
Tobias Brunner
2b89676157 Merge branch 'doxygen-fixes' 
Closes strongswan/strongswan#326.
 2021-05-04 14:39:56 +02:00
Noel Kuntze
4886a2c7d8
Doxyfile.in: Remove deprecated variables 2021-04-15 16:13:22 +02:00
Noel Kuntze
a11efc5214
doxygen: Fix documentation problems 2021-04-15 00:17:59 +02:00
Andreas Steffen
09df86c033 Version bump to 5.9.3dr1 5.9.3dr1 2021-03-31 09:59:55 +02:00
Andreas Steffen
66ba50b217 testing: Migrated p2pnat/medsrv-psk scenario to vici 2021-03-30 22:12:00 +02:00
Andreas Steffen
03e1272ff2 testing: Migrated p2pnat/behind-same-nat scenario to vici 2021-03-30 22:12:00 +02:00
Andreas Steffen
68154033bb testing: Store mars credentials in the swanctl directory 2021-03-30 22:12:00 +02:00
Andreas Steffen
2cbf7da51a testing: Migrated redirect-active scenario to vici 2021-03-30 22:12:00 +02:00
Andreas Steffen
511b860916 testing: Migrated ha/both-active scenario to vici 2021-03-30 18:57:49 +02:00
Andreas Steffen
5c22e94f0f testing: Migrated ha/active-passive scenario to vici 2021-03-30 18:57:49 +02:00
Andreas Steffen
737f7fce51 testing: Switched PTS measurements to /usr/sbin 
Due to Debian 10 linking /bin to /usr/bin which drastically
increased the number of files in /bin, the PTS measurement
was switched to /usr/sbin with a lesser number of files.
 2021-03-23 10:54:48 +01:00
Andreas Steffen
f412c97648 wolfssl: Support SHAKE_256 2021-03-20 11:19:12 +01:00
Andreas Steffen
a91eb3eb96 wolfssl: Support SHA3 2021-03-20 11:15:42 +01:00
Andreas Steffen
b57215ba2b wolfssl: Support AES_ECB 2021-03-20 11:15:42 +01:00
Andreas Steffen
bd323ae6c8 openssl: Migrate from deprecated EC_POINT_[set|get]_affine_coordinates_GFp() functions 2021-03-19 08:50:27 +01:00
Petr Gotthard
c5eac9c390 libcharon: Include libtpmtss in monolithic build 2021-03-17 12:14:47 +01:00
Andreas Steffen
6aef079f59 testing: Bump guest kernel to Linux 5.11 2021-03-07 14:39:44 +01:00
Andreas Steffen
87ba3a424d Version bump to 5.9.2 5.9.2 2021-02-26 11:30:13 +01:00
Tobias Brunner
88c4d8cb22 Merge branch 'sha2-no-trunc' 
Closes strongswan/strongswan#215.
 2021-02-23 17:30:11 +01:00
Tobias Brunner
875813c055 save-keys: Fix length of AES-GCM with 12-byte ICV 2021-02-23 17:28:46 +01:00
Michał Skalski
b6b8880340 save-keys: Add support for full-length HMAC-SHA256 for ESP 
Wireshark doesn't really support it, but this way it at least decodes
the ESP packets correctly and the encryption keys are saved and the
packets can be decrypted.  The full-length versions of SHA-384 and
SHA-512 are not supported by Wireshark as 256-bit is the longest ICV
it is able to decode currently.
 2021-02-23 17:28:46 +01:00
Michał Skalski
c632aa7b31 kernel-netlink: Add support for full-length HMAC-SHA2 algorithms 2021-02-23 17:28:46 +01:00
Michał Skalski
aa6da3700a keymat: Add support for full-length HMAC-SHA2 algorithms 2021-02-23 17:23:29 +01:00
Michał Skalski
7a8cd5d6d0 af-alg: Fix typo in algorithm mapping for full-size HMAC-SHA-256 2021-02-23 09:25:44 +01:00
Andreas Steffen
356f87355b Version bump to 5.9.2rc2 5.9.2rc2 2021-02-21 10:40:34 +01:00
Andreas Steffen
20c47af319 testing: Use TLS 1.3 in TNC PT-TLS tests 2021-02-21 09:48:34 +01:00
Andreas Steffen
9f55246018 testing: Added mgf1 plugin to load statement 2021-02-19 17:41:44 +01:00
Andreas Steffen
283b352cee Merge branch 'tls-fixes' 5.9.2rc1 2021-02-18 20:28:33 +01:00
Andreas Steffen
d08fa4bd0a Version bump to 5.9.2rc1 2021-02-18 20:16:17 +01:00
Tobias Brunner
48f4f9f667 pt-tls-server: Make TLS client authentication optional as appropriate 2021-02-18 15:41:52 +01:00
Tobias Brunner
82116dba66 tls-test: Add option to make client authentication optional 2021-02-18 15:39:35 +01:00
Tobias Brunner
760f3b730f tls-server: Add flag that makes client authentication optional 
This allows clients to send an empty certificate payload if the server
sent a certificate request.  If an identity was set previously, it will
be reset so get_peer_id() may be used to check if the client was
authenticated.
 2021-02-18 15:35:46 +01:00
Tobias Brunner
11a4687930 libtls: Add control flags and replace GENERIC_NULLOK purpose with one 2021-02-18 15:10:29 +01:00
Tobias Brunner
602947d48a pt-tls-server: Explicitly request client authentication if necessary 
The PT_TLS_AUTH_TLS_OR_SASL case currently can't be implemented properly
as TLS authentication will be enforced if a client identity is configured
on the TLS server socket.
 2021-02-18 12:49:54 +01:00
Tobias Brunner
4b7cfb252e tls-server: Use subject DN as peer identity if it was ID_ANY 
To request client authentication if we don't know the client's identity,
it's possible to use ID_ANY.  However, if we don't change the identity
get_peer_id() would still report ID_ANY after the authentication.
 2021-02-18 12:34:05 +01:00
Tobias Brunner
d5606ec350 testing: Adapt some checks as SHA-384 is now preferred for TLS signatures 2021-02-18 12:02:54 +01:00
Tobias Brunner
024120f8ea tls-eap: Only servers conclude EAP method after processing packets 
As client with older TLS versions, we have to ack the receipt of the server's
Finished message instead.

Fixes: 083f38259c79 ("tls-eap: Conclude EAP method also after processing packets")
 2021-02-18 12:02:32 +01:00
Stefan Berghofer
f7613cb581 ike-sa: Properly set timing info for delete after rekeying 
The job is queued properly, yet the timing information is wrong.

Signed-off-by: Stefan Berghofer <stefan.berghofer@secunet.com>

Fixes: ee61471113c2 ("implemented RFC4478 (repeated authentication)...")
 2021-02-18 10:02:55 +01:00
Tobias Brunner
d65d4eab73 NEWS: Add news for 5.9.2 2021-02-17 15:24:36 +01:00
Tobias Brunner
ff672c785b dhcp: Properly initialize struct when binding to interface 2021-02-16 15:22:18 +01:00
Tobias Brunner
fbb70c968b pts: Don't rely on BIOS event buffer to be null terminated 2021-02-16 15:16:25 +01:00
Tobias Brunner
8384527ff5 tls-crypto: Fix potential memory leak 
Fixes: d8e42a3d4e3c ("tls-crypto: Share private key search between client and server")
 2021-02-16 14:52:43 +01:00
Tobias Brunner
f4258c56f5 ike-sa-manager: Ensure we were able to create a new IKE_SA 
This may happen if we are unable to allocate an SPI.
 2021-02-16 14:45:51 +01:00
Tobias Brunner
cb85967655 github: Bump wolfSSL to 4.7.0 2021-02-16 09:08:12 +01:00
Fedor Korotkov
af9d2a8f1e cirrus: Use FreeBSD 12.2 
This seems to fix the build with Autotools that recently started to fail
with:

autom4te-2.69: need GNU m4 1.4 or later: /usr/local/bin/gm4
aclocal: error: /usr/local/bin/autom4te-2.69 failed with exit status: 1
autoreconf-2.69: aclocal failed with exit status: 1

Closes strongswan/strongswan#197.
 2021-02-16 08:56:43 +01:00
Tobias Brunner
7bd9c0c85e github: Fix emojis in templates 2021-02-15 15:30:03 +01:00
Tobias Brunner
27544f7bd9 github: Add security policy 2021-02-15 09:44:44 +01:00