authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:29:19 +0100
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:29:19 +0100
commit365e71f706b40c32173fa06c6feaac48c1527520 (patch)
tree54fa72a914d18c9430eaa54f3de4a2d4419198af /src/pluto
parent5d7669b7b3563c50b3c86903e0a49373d597b8a0 (diff)
parent568905f488e63e28778f87ac0e38d845f45bae79 (diff)
Fixed merge, don't know why this didn't happen automatically - maybe a leftover from the svn->git conversion
Diffstat (limited to 'src/pluto')
-rw-r--r--src/pluto/Makefile.in9
-rw-r--r--src/pluto/ca.c4
-rw-r--r--src/pluto/crl.c16
-rw-r--r--src/pluto/crypto.c262
-rw-r--r--src/pluto/demux.c4
-rw-r--r--src/pluto/ike_alg.c72
-rw-r--r--src/pluto/ike_alg.h20
-rw-r--r--src/pluto/kernel.c12
-rw-r--r--src/pluto/kernel_alg.c45
-rw-r--r--src/pluto/keys.c12
-rw-r--r--src/pluto/ocsp.c5
-rw-r--r--src/pluto/plugins/xauth/Makefile.in9
-rw-r--r--src/pluto/pluto.814
-rw-r--r--src/pluto/x509.c10
14 files changed, 494 insertions, 0 deletions
diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in
index 080530f86..eb7f2c28a 100644
--- a/src/pluto/Makefile.in
+++ b/src/pluto/Makefile.in
@@ -304,9 +304,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+<<<<<<< HEAD
ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -345,6 +349,11 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index 2654774fa..713d56ef1 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -629,7 +629,11 @@ void add_ca_info(const whack_message_t *msg)
if (strncasecmp(msg->ocspuri, "http", 4) == 0)
ca->ocspuri = clone_str(msg->ocspuri);
else
+<<<<<<< HEAD
plog(" ignoring ocspuri with unkown protocol");
+=======
+ plog(" ignoring ocspuri with unknown protocol");
+>>>>>>> upstream/4.5.1
}
/* add crl uris */
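Review bot: Unresolved merge conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> upstream/4.5.1`) are committed as source lines in this hunk, so both `plog` calls and the marker lines land inside the `else` branch and ca.c cannot compile. Every other hunk in this commit has the same defect, which matches the diffstat of 494 insertions and 0 deletions. Resolve each conflict to a single side before committing; here that means keeping only `plog(" ignoring ocspuri with unknown protocol");`. A pre-commit or CI check that rejects lines beginning with `<<<<<<<` or `>>>>>>>` would stop a half-merged tree from reaching the certificate and key handling files touched here (crl.c, ocsp.c, x509.c, keys.c). add_ca_info continues outside the hunk.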
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index c8fb107d5..d8f962501 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -352,7 +352,11 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
x509crl_t *x509crl;
ca_info_t *ca;
enumerator_t *enumerator;
+<<<<<<< HEAD
char *point;
+=======
+ x509_cdp_t *cdp;
+>>>>>>> upstream/4.5.1
ca = get_ca_info(issuer, authKeyID);
@@ -376,9 +380,15 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
}
enumerator = x509->create_crl_uri_enumerator(x509);
+<<<<<<< HEAD
while (enumerator->enumerate(enumerator, &point))
{
add_distribution_point(crluris, point);
+=======
+ while (enumerator->enumerate(enumerator, &cdp))
+ {
+ add_distribution_point(crluris, cdp->uri);
+>>>>>>> upstream/4.5.1
}
enumerator->destroy(enumerator);
@@ -416,9 +426,15 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
}
enumerator = x509->create_crl_uri_enumerator(x509);
+<<<<<<< HEAD
while (enumerator->enumerate(enumerator, &point))
{
add_distribution_point(x509crl->distributionPoints, point);
+=======
+ while (enumerator->enumerate(enumerator, &cdp))
+ {
+ add_distribution_point(x509crl->distributionPoints, cdp->uri);
+>>>>>>> upstream/4.5.1
}
enumerator->destroy(enumerator);
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index 0684de618..695035ea1 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -26,6 +26,7 @@
static struct encrypt_desc encrypt_desc_3des =
{
+<<<<<<< HEAD
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_3DES_CBC,
algo_next: NULL,
@@ -34,6 +35,17 @@ static struct encrypt_desc encrypt_desc_3des =
keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+=======
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_3DES_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: DES_BLOCK_SIZE,
+ keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+ keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+ keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+>>>>>>> upstream/4.5.1
};
#define AES_KEY_MIN_LEN 128
@@ -42,6 +54,7 @@ static struct encrypt_desc encrypt_desc_3des =
static struct encrypt_desc encrypt_desc_aes =
{
+<<<<<<< HEAD
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_AES_CBC,
algo_next: NULL,
@@ -50,6 +63,17 @@ static struct encrypt_desc encrypt_desc_aes =
keyminlen: AES_KEY_MIN_LEN,
keydeflen: AES_KEY_DEF_LEN,
keymaxlen: AES_KEY_MAX_LEN,
+=======
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_AES_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: AES_BLOCK_SIZE,
+ keyminlen: AES_KEY_MIN_LEN,
+ keydeflen: AES_KEY_DEF_LEN,
+ keymaxlen: AES_KEY_MAX_LEN,
+>>>>>>> upstream/4.5.1
};
#define CAMELLIA_KEY_MIN_LEN 128
@@ -58,6 +82,7 @@ static struct encrypt_desc encrypt_desc_aes =
static struct encrypt_desc encrypt_desc_camellia =
{
+<<<<<<< HEAD
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_CAMELLIA_CBC,
algo_next: NULL,
@@ -66,6 +91,17 @@ static struct encrypt_desc encrypt_desc_camellia =
keyminlen: CAMELLIA_KEY_MIN_LEN,
keydeflen: CAMELLIA_KEY_DEF_LEN,
keymaxlen: CAMELLIA_KEY_MAX_LEN,
+=======
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_CAMELLIA_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: CAMELLIA_BLOCK_SIZE,
+ keyminlen: CAMELLIA_KEY_MIN_LEN,
+ keydeflen: CAMELLIA_KEY_DEF_LEN,
+ keymaxlen: CAMELLIA_KEY_MAX_LEN,
+>>>>>>> upstream/4.5.1
};
#define BLOWFISH_KEY_MIN_LEN 128
@@ -73,6 +109,7 @@ static struct encrypt_desc encrypt_desc_camellia =
static struct encrypt_desc encrypt_desc_blowfish =
{
+<<<<<<< HEAD
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_BLOWFISH_CBC,
algo_next: NULL,
@@ -81,6 +118,17 @@ static struct encrypt_desc encrypt_desc_blowfish =
keyminlen: BLOWFISH_KEY_MIN_LEN,
keydeflen: BLOWFISH_KEY_MIN_LEN,
keymaxlen: BLOWFISH_KEY_MAX_LEN,
+=======
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_BLOWFISH_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: BLOWFISH_BLOCK_SIZE,
+ keyminlen: BLOWFISH_KEY_MIN_LEN,
+ keydeflen: BLOWFISH_KEY_MIN_LEN,
+ keymaxlen: BLOWFISH_KEY_MAX_LEN,
+>>>>>>> upstream/4.5.1
};
#define SERPENT_KEY_MIN_LEN 128
@@ -89,6 +137,7 @@ static struct encrypt_desc encrypt_desc_blowfish =
static struct encrypt_desc encrypt_desc_serpent =
{
+<<<<<<< HEAD
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_SERPENT_CBC,
algo_next: NULL,
@@ -97,6 +146,17 @@ static struct encrypt_desc encrypt_desc_serpent =
keyminlen: SERPENT_KEY_MIN_LEN,
keydeflen: SERPENT_KEY_DEF_LEN,
keymaxlen: SERPENT_KEY_MAX_LEN,
+=======
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_SERPENT_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: SERPENT_BLOCK_SIZE,
+ keyminlen: SERPENT_KEY_MIN_LEN,
+ keydeflen: SERPENT_KEY_DEF_LEN,
+ keymaxlen: SERPENT_KEY_MAX_LEN,
+>>>>>>> upstream/4.5.1
};
#define TWOFISH_KEY_MIN_LEN 128
@@ -105,6 +165,7 @@ static struct encrypt_desc encrypt_desc_serpent =
static struct encrypt_desc encrypt_desc_twofish =
{
+<<<<<<< HEAD
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_TWOFISH_CBC,
algo_next: NULL,
@@ -113,10 +174,22 @@ static struct encrypt_desc encrypt_desc_twofish =
keydeflen: TWOFISH_KEY_MIN_LEN,
keyminlen: TWOFISH_KEY_DEF_LEN,
keymaxlen: TWOFISH_KEY_MAX_LEN,
+=======
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_TWOFISH_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: TWOFISH_BLOCK_SIZE,
+ keydeflen: TWOFISH_KEY_MIN_LEN,
+ keyminlen: TWOFISH_KEY_DEF_LEN,
+ keymaxlen: TWOFISH_KEY_MAX_LEN,
+>>>>>>> upstream/4.5.1
};
static struct encrypt_desc encrypt_desc_twofish_ssh =
{
+<<<<<<< HEAD
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_TWOFISH_CBC_SSH,
algo_next: NULL,
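Review bot: `keydeflen` and `keyminlen` look swapped in the upstream side of `encrypt_desc_twofish`: it reads `keydeflen: TWOFISH_KEY_MIN_LEN,` and `keyminlen: TWOFISH_KEY_DEF_LEN,`, while the AES, Camellia and Serpent descriptors pair each field with its own macro. The value of TWOFISH_KEY_DEF_LEN is not visible on this page, so this may be harmless, but if it differs from the minimum, the smallest Twofish key length the daemon accepts becomes the default length. The HEAD side carries the same pairing, and it is repeated in `encrypt_desc_twofish_ssh` in the next hunk. Suggested for both descriptors: `keyminlen: TWOFISH_KEY_MIN_LEN,` and `keydeflen: TWOFISH_KEY_DEF_LEN,`.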
@@ -125,12 +198,27 @@ static struct encrypt_desc encrypt_desc_twofish_ssh =
keydeflen: TWOFISH_KEY_MIN_LEN,
keyminlen: TWOFISH_KEY_DEF_LEN,
keymaxlen: TWOFISH_KEY_MAX_LEN,
+=======
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_TWOFISH_CBC_SSH,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: TWOFISH_BLOCK_SIZE,
+ keydeflen: TWOFISH_KEY_MIN_LEN,
+ keyminlen: TWOFISH_KEY_DEF_LEN,
+ keymaxlen: TWOFISH_KEY_MAX_LEN,
+>>>>>>> upstream/4.5.1
};
static struct hash_desc hash_desc_md5 =
{
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_MD5,
+<<<<<<< HEAD
+=======
+ plugin_name: NULL,
+>>>>>>> upstream/4.5.1
algo_next: NULL,
hash_digest_size: HASH_SIZE_MD5,
};
@@ -139,6 +227,10 @@ static struct hash_desc hash_desc_sha1 =
{
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA,
+<<<<<<< HEAD
+=======
+ plugin_name: NULL,
+>>>>>>> upstream/4.5.1
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA1,
};
@@ -146,6 +238,10 @@ static struct hash_desc hash_desc_sha1 =
static struct hash_desc hash_desc_sha2_256 = {
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA2_256,
+<<<<<<< HEAD
+=======
+ plugin_name: NULL,
+>>>>>>> upstream/4.5.1
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA256,
};
@@ -153,6 +249,10 @@ static struct hash_desc hash_desc_sha2_256 = {
static struct hash_desc hash_desc_sha2_384 = {
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA2_384,
+<<<<<<< HEAD
+=======
+ plugin_name: NULL,
+>>>>>>> upstream/4.5.1
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA384,
};
@@ -160,11 +260,16 @@ static struct hash_desc hash_desc_sha2_384 = {
static struct hash_desc hash_desc_sha2_512 = {
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA2_512,
+<<<<<<< HEAD
+=======
+ plugin_name: NULL,
+>>>>>>> upstream/4.5.1
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA512,
};
const struct dh_desc unset_group = {
+<<<<<<< HEAD
algo_type: IKE_ALG_DH_GROUP,
algo_id: MODP_NONE,
algo_next: NULL,
@@ -267,13 +372,137 @@ static struct dh_desc dh_desc_ecp_192 = {
algo_id: ECP_192_BIT,
algo_next: NULL,
ke_size: 2*192 / BITS_PER_BYTE
+=======
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_NONE,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 0
+};
+
+static struct dh_desc dh_desc_modp_1024 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_1024_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 1024 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_1536 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_1536_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 1536 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_2048 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_BIT,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_3072 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_3072_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 3072 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_4096 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_4096_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 4096 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_6144 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_6144_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 6144 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_8192 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_8192_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 8192 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_ecp_256 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_256_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*256 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_ecp_384 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_384_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*384 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_ecp_521 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_521_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*528 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_1024_160 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_1024_160,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 1024 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_2048_224 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_224,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_2048_256 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_256,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_ecp_192 = {
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_192_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*192 / BITS_PER_BYTE
+>>>>>>> upstream/4.5.1
};
static struct dh_desc dh_desc_ecp_224 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: ECP_224_BIT,
+<<<<<<< HEAD
algo_next: NULL,
ke_size: 2*224 / BITS_PER_BYTE
+=======
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*224 / BITS_PER_BYTE
+>>>>>>> upstream/4.5.1
};
bool init_crypto(void)
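Review bot: `dh_desc_modp_2048` is the only descriptor on the upstream side without `plugin_name: NULL,`. The omitted member is still zero-initialized, so behaviour does not change, but the gap makes the block look like a merge casualty; add `plugin_name: NULL,` after its `algo_id` line to match the others. Separately, `ke_size: 2*528 / BITS_PER_BYTE` in `dh_desc_ecp_521` would benefit from a short comment such as `/* 521 bits rounded up to whole bytes per coordinate */`, since it is the one entry whose size does not follow from the group name.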
@@ -282,11 +511,19 @@ bool init_crypto(void)
encryption_algorithm_t encryption_alg;
hash_algorithm_t hash_alg;
diffie_hellman_group_t dh_group;
+<<<<<<< HEAD
+=======
+ const char *plugin_name;
+>>>>>>> upstream/4.5.1
bool no_md5 = TRUE;
bool no_sha1 = TRUE;
enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
+<<<<<<< HEAD
while (enumerator->enumerate(enumerator, &hash_alg))
+=======
+ while (enumerator->enumerate(enumerator, &hash_alg, &plugin_name))
+>>>>>>> upstream/4.5.1
{
const struct hash_desc *desc;
@@ -312,7 +549,11 @@ bool init_crypto(void)
default:
continue;
}
+<<<<<<< HEAD
ike_alg_add((struct ike_alg *)desc);
+=======
+ ike_alg_add((struct ike_alg *)desc, plugin_name);
+>>>>>>> upstream/4.5.1
}
enumerator->destroy(enumerator);
@@ -326,7 +567,11 @@ bool init_crypto(void)
}
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
+<<<<<<< HEAD
while (enumerator->enumerate(enumerator, &encryption_alg))
+=======
+ while (enumerator->enumerate(enumerator, &encryption_alg, &plugin_name))
+>>>>>>> upstream/4.5.1
{
const struct encrypt_desc *desc;
@@ -346,7 +591,12 @@ bool init_crypto(void)
break;
case ENCR_TWOFISH_CBC:
desc = &encrypt_desc_twofish;
+<<<<<<< HEAD
ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh);
+=======
+ ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh,
+ plugin_name);
+>>>>>>> upstream/4.5.1
break;
case ENCR_SERPENT_CBC:
desc = &encrypt_desc_serpent;
@@ -354,12 +604,20 @@ bool init_crypto(void)
default:
continue;
}
+<<<<<<< HEAD
ike_alg_add((struct ike_alg *)desc);
+=======
+ ike_alg_add((struct ike_alg *)desc, plugin_name);
+>>>>>>> upstream/4.5.1
}
enumerator->destroy(enumerator);
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+<<<<<<< HEAD
while (enumerator->enumerate(enumerator, &dh_group))
+=======
+ while (enumerator->enumerate(enumerator, &dh_group, &plugin_name))
+>>>>>>> upstream/4.5.1
{
const struct dh_desc *desc;
@@ -413,7 +671,11 @@ bool init_crypto(void)
default:
continue;
}
+<<<<<<< HEAD
ike_alg_add((struct ike_alg *)desc);
+=======
+ ike_alg_add((struct ike_alg *)desc, plugin_name);
+>>>>>>> upstream/4.5.1
}
enumerator->destroy(enumerator);
return TRUE;
diff --git a/src/pluto/demux.c b/src/pluto/demux.c
index 0590a3585..22976fe9a 100644
--- a/src/pluto/demux.c
+++ b/src/pluto/demux.c
@@ -1147,7 +1147,11 @@ read_packet(struct msg_digest *md)
}
else if (from_ugh != NULL)
{
+<<<<<<< HEAD
plog("recvfrom on %s returned misformed source sockaddr: %s"
+=======
+ plog("recvfrom on %s returned malformed source sockaddr: %s"
+>>>>>>> upstream/4.5.1
, ifp->rname, from_ugh);
return FALSE;
}
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c
index 08353907e..eabe6c86e 100644
--- a/src/pluto/ike_alg.c
+++ b/src/pluto/ike_alg.c
@@ -72,7 +72,11 @@ static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id,
/**
* "raw" ike_alg list adding function
*/
+<<<<<<< HEAD
int ike_alg_add(struct ike_alg* a)
+=======
+int ike_alg_add(struct ike_alg* a, const char *plugin_name)
+>>>>>>> upstream/4.5.1
{
if (a->algo_type > IKE_ALG_MAX)
{
@@ -96,6 +100,10 @@ int ike_alg_add(struct ike_alg* a)
e = *ep;
}
*ep = a;
+<<<<<<< HEAD
+=======
+ a->plugin_name = plugin_name;
+>>>>>>> upstream/4.5.1
a->algo_next = e;
return 0;
}
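Review bot: `a->plugin_name = plugin_name;` stores the caller's pointer in the descriptor without copying it, and init_crypto passes in file-scope static descriptors that live for the whole process. The page does not show who owns the string returned by the crypto enumerators, so whether it stays valid after the enumerator is destroyed or a plugin is unloaded should be confirmed. At minimum, document the contract on the new field in ike_alg.h, for example `const char *plugin_name; /* not owned; must outlive the registration */`. ike_alg_add begins outside this hunk.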
@@ -304,19 +312,51 @@ fail:
}
/**
+<<<<<<< HEAD
+=======
+ * Print the name of an algorithm plus the name of the plugin that registered it
+ */
+static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type,
+ const char *plugin_name)
+{
+ char alg_name[BUF_LEN];
+ int alg_name_len;
+
+ alg_name_len = sprintf(alg_name, " %s[%s]", enum_name(alg_names, alg_type),
+ plugin_name);
+ if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE)
+ {
+ whack_log(RC_COMMENT, "%s", buf);
+ *len = sprintf(buf, " ");
+ }
+ sprintf(buf + *len, "%s", alg_name);
+ *len += alg_name_len;
+}
+
+/**
+>>>>>>> upstream/4.5.1
* Show registered IKE algorithms
*/
void ike_alg_list(void)
{
+<<<<<<< HEAD
char buf[BUF_LEN];
char *pos;
int n, len;
+=======
+ rng_quality_t quality;
+ enumerator_t *enumerator;
+ const char *plugin_name;
+ char buf[BUF_LEN];
+ int len;
+>>>>>>> upstream/4.5.1
struct ike_alg *a;
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of registered IKEv1 Algorithms:");
whack_log(RC_COMMENT, " ");
+<<<<<<< HEAD
pos = buf;
*pos = '\0';
len = BUF_LEN;
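Review bot: Both `sprintf` calls in the new `print_alg` write into fixed `BUF_LEN` buffers with no size argument, whereas the HEAD side visible in kernel_alg.c used `snprintf(pos, len, …)` for the same listing. The only guard is the `CRYPTO_MAX_ALG_LINE` comparison, whose relation to `BUF_LEN` is not visible on this page. `plugin_name` is also passed straight to `%s` although every static descriptor initializes it to NULL, so it is NULL until ike_alg_add has set it. kernel_alg.c gains a second copy of `print_alg` with the same pattern in this commit. A bounded version that also tolerates a NULL name is sketched below; it assumes, as at the call sites shown, that `buf` is always `BUF_LEN` bytes.

```c
static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type,
					  const char *plugin_name)
{
	char alg_name[BUF_LEN];
	int alg_name_len;

	alg_name_len = snprintf(alg_name, sizeof(alg_name), " %s[%s]",
							enum_name(alg_names, alg_type),
							plugin_name ? plugin_name : "");
	if (alg_name_len < 0 || alg_name_len >= (int)sizeof(alg_name))
	{
		return;		/* entry does not fit; skip it instead of truncating */
	}
	/* … unchanged: flush buf via whack_log and restart the line when it
	 * would exceed CRYPTO_MAX_ALG_LINE … */
	if (*len < 0 || *len + alg_name_len >= BUF_LEN)
	{
		return;
	}
	snprintf(buf + *len, BUF_LEN - *len, "%s", alg_name);
	*len += alg_name_len;
}
```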
@@ -361,6 +401,38 @@ void ike_alg_list(void)
}
}
whack_log(RC_COMMENT, " dh-group: %s", buf);
+=======
+ len = sprintf(buf, " encryption:");
+ for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
+ {
+ print_alg(buf, &len, &oakley_enc_names, a->algo_id, a->plugin_name);
+ }
+ whack_log(RC_COMMENT, "%s", buf);
+
+ len = sprintf(buf, " integrity: ");
+ for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
+ {
+ print_alg(buf, &len, &oakley_hash_names, a->algo_id, a->plugin_name);
+ }
+ whack_log(RC_COMMENT, "%s", buf);
+
+ len = sprintf(buf, " dh-group: ");
+ for (a = ike_alg_base[IKE_ALG_DH_GROUP]; a != NULL; a = a->algo_next)
+ {
+ print_alg(buf, &len, &oakley_group_names, a->algo_id, a->plugin_name);
+ }
+ whack_log(RC_COMMENT, "%s", buf);
+
+ len = sprintf(buf, " random-gen:");
+ enumerator = lib->crypto->create_rng_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &quality, &plugin_name))
+ {
+ len += sprintf(buf + len, " %N[%s]", rng_quality_names, quality,
+ plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ whack_log(RC_COMMENT, "%s", buf);
+>>>>>>> upstream/4.5.1
}
/**
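Review bot: `len += sprintf(buf + len, " %N[%s]", …)` in the random-gen loop appends one entry per registered RNG with no bound. Unlike the three loops above it, it does not go through `print_alg`'s line wrap, so the number of loaded RNG plugins decides whether `buf[BUF_LEN]` overflows. Bound the write and stop once the line is full: `int n = snprintf(buf + len, sizeof(buf) - len, " %N[%s]", rng_quality_names, quality, plugin_name);` then `if (n < 0 || n >= (int)sizeof(buf) - len) break;` then `len += n;`. The `enumerator->destroy(enumerator)` after the loop still runs on that early exit.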
diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h
index 458d14c3a..7ee2ca808 100644
--- a/src/pluto/ike_alg.h
+++ b/src/pluto/ike_alg.h
@@ -22,12 +22,20 @@
struct ike_alg {
u_int16_t algo_type;
u_int16_t algo_id;
+<<<<<<< HEAD
+=======
+ const char *plugin_name;
+>>>>>>> upstream/4.5.1
struct ike_alg *algo_next;
};
struct encrypt_desc {
u_int16_t algo_type;
u_int16_t algo_id;
+<<<<<<< HEAD
+=======
+ const char *plugin_name;
+>>>>>>> upstream/4.5.1
struct ike_alg *algo_next;
size_t enc_blocksize;
@@ -39,6 +47,10 @@ struct encrypt_desc {
struct hash_desc {
u_int16_t algo_type;
u_int16_t algo_id;
+<<<<<<< HEAD
+=======
+ const char *plugin_name;
+>>>>>>> upstream/4.5.1
struct ike_alg *algo_next;
size_t hash_digest_size;
@@ -47,6 +59,10 @@ struct hash_desc {
struct dh_desc {
u_int16_t algo_type;
u_int16_t algo_id;
+<<<<<<< HEAD
+=======
+ const char *plugin_name;
+>>>>>>> upstream/4.5.1
struct ike_alg *algo_next;
size_t ke_size;
@@ -57,7 +73,11 @@ struct dh_desc {
#define IKE_ALG_DH_GROUP 2
#define IKE_ALG_MAX IKE_ALG_DH_GROUP
+<<<<<<< HEAD
extern int ike_alg_add(struct ike_alg *a);
+=======
+extern int ike_alg_add(struct ike_alg *a, const char *plugin_name);
+>>>>>>> upstream/4.5.1
extern struct hash_desc *ike_alg_get_hasher(u_int alg);
extern struct encrypt_desc *ike_alg_get_crypter(u_int alg);
extern struct dh_desc *ike_alg_get_dh_group(u_int alg);
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index e57822ffb..7d54b9e8e 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -1183,7 +1183,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src,
host_dst, ipcomp_spi, said_next->proto, c->spd.reqid,
+<<<<<<< HEAD
mark, &lt_none, ENCR_UNDEFINED, chunk_empty,
+=======
+ mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
+>>>>>>> upstream/4.5.1
AUTH_UNDEFINED, chunk_empty, mode,
st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE,
inbound, NULL, NULL) != SUCCESS)
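Review bot: The new bare `0` between `mark` and `&lt_none` gives no hint of which `add_sa` parameter it fills, while the same call already annotates `0 /* cpi */`. It is presumably the TFC padding argument introduced with 4.5.1, but that should be confirmed against the kernel_interface declaration, which is not on this page. Then annotate it the same way, e.g. `mark, 0 /* tfc */, &lt_none, ENCR_UNDEFINED, chunk_empty,`. The two later `add_sa` calls in this file (ESP and AH) need the same comment.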
@@ -1292,7 +1296,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src,
host_dst, esp_spi, said_next->proto, c->spd.reqid,
+<<<<<<< HEAD
mark, &lt_none, enc_alg, enc_key,
+=======
+ mark, 0, &lt_none, enc_alg, enc_key,
+>>>>>>> upstream/4.5.1
auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
encap, inbound, NULL, NULL) != SUCCESS)
{
@@ -1325,7 +1333,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src,
host_dst, ah_spi, said_next->proto, c->spd.reqid,
+<<<<<<< HEAD
mark, &lt_none, ENCR_UNDEFINED, chunk_empty,
+=======
+ mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
+>>>>>>> upstream/4.5.1
auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
FALSE, inbound, NULL, NULL) != SUCCESS)
{
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index 2a195cffc..41155c619 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -397,24 +397,54 @@ struct sadb_alg* kernel_alg_esp_sadb_alg(u_int alg_id)
return sadb_alg;
}
+<<<<<<< HEAD
void kernel_alg_list(void)
{
char buf[BUF_LEN];
char *pos;
int n, len;
+=======
+/**
+ * Print the name of a kernel algorithm
+ */
+static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type)
+{
+ char alg_name[BUF_LEN];
+ int alg_name_len;
+
+ alg_name_len = sprintf(alg_name, " %s", enum_name(alg_names, alg_type));
+ if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE)
+ {
+ whack_log(RC_COMMENT, "%s", buf);
+ *len = sprintf(buf, " ");
+ }
+ sprintf(buf + *len, "%s", alg_name);
+ *len += alg_name_len;
+}
+
+void kernel_alg_list(void)
+{
+ char buf[BUF_LEN];
+ int len;
+>>>>>>> upstream/4.5.1
u_int sadb_id;
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of registered ESP Algorithms:");
whack_log(RC_COMMENT, " ");
+<<<<<<< HEAD
pos = buf;
*pos = '\0';
len = BUF_LEN;
+=======
+ len = sprintf(buf, " encryption:");
+>>>>>>> upstream/4.5.1
for (sadb_id = 1; sadb_id <= SADB_EALG_MAX; sadb_id++)
{
if (ESP_EALG_PRESENT(sadb_id))
{
+<<<<<<< HEAD
n = snprintf(pos, len, " %s",
enum_name(&esp_transform_names, sadb_id));
pos += n;
@@ -430,12 +460,21 @@ void kernel_alg_list(void)
pos = buf;
*pos = '\0';
len = BUF_LEN;
+=======
+ print_alg(buf, &len, &esp_transform_names, sadb_id);
+ }
+ }
+ whack_log(RC_COMMENT, "%s", buf);
+
+ len = sprintf(buf, " integrity: ");
+>>>>>>> upstream/4.5.1
for (sadb_id = 1; sadb_id <= SADB_AALG_MAX; sadb_id++)
{
if (ESP_AALG_PRESENT(sadb_id))
{
u_int aaid = alg_info_esp_sadb2aa(sadb_id);
+<<<<<<< HEAD
n = snprintf(pos, len, " %s", enum_name(&auth_alg_names, aaid));
pos += n;
len -= n;
@@ -446,6 +485,12 @@ void kernel_alg_list(void)
}
}
whack_log(RC_COMMENT, " integrity: %s", buf);
+=======
+ print_alg(buf, &len, &auth_alg_names, aaid);
+ }
+ }
+ whack_log(RC_COMMENT, "%s", buf);
+>>>>>>> upstream/4.5.1
}
void kernel_alg_show_connection(connection_t *c, const char *instance)
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index a79c2c0d2..e2c52fab0 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -902,6 +902,10 @@ static void process_secret(secret_t *s, int whackfd)
{
loglog(RC_LOG_SERIOUS, "\"%s\" line %d: %s"
, flp->filename, flp->lino, ugh);
+<<<<<<< HEAD
+=======
+ s->ids->destroy_offset(s->ids, offsetof(identification_t, destroy));
+>>>>>>> upstream/4.5.1
free(s);
}
else if (flushline("expected record boundary in key"))
@@ -1010,8 +1014,16 @@ static void process_secret_records(int whackfd)
if (!shift())
{
/* unexpected Record Boundary or EOF */
+<<<<<<< HEAD
loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end of id list"
, flp->filename, flp->lino);
+=======
+ loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end"
+ " of id list", flp->filename, flp->lino);
+ s->ids->destroy_offset(s->ids,
+ offsetof(identification_t, destroy));
+ free(s);
+>>>>>>> upstream/4.5.1
break;
}
}
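Review bot: After the added `free(s);` the loop exits through `break` with `s` still holding the freed address. Whether the rest of process_secret_records reads or frees `s` again is outside this hunk, so a use-after-free or double free cannot be ruled out from here. Clearing the pointer makes a later access fail visibly: add `s = NULL;` directly after `free(s);`. The two-line cleanup (`s->ids->destroy_offset(…)` plus `free(s)`) is also duplicated from the process_secret hunk above and assumes `s->ids` is non-NULL on both paths; a small static helper would keep the two error paths in step.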
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index 8a351be6d..14e5cbb96 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -1045,8 +1045,13 @@ static bool valid_ocsp_response(response_t *res)
)
/* check path length constraint */
+<<<<<<< HEAD
pathlen_constraint = x509->get_pathLenConstraint(x509);
if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
+=======
+ pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN);
+ if (pathlen_constraint != X509_NO_CONSTRAINT &&
+>>>>>>> upstream/4.5.1
pathlen > pathlen_constraint)
{
plog("path length of %d violates constraint of %d",
diff --git a/src/pluto/plugins/xauth/Makefile.in b/src/pluto/plugins/xauth/Makefile.in
index b2ffb11db..793a0e88d 100644
--- a/src/pluto/plugins/xauth/Makefile.in
+++ b/src/pluto/plugins/xauth/Makefile.in
@@ -218,9 +218,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+<<<<<<< HEAD
ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -259,6 +263,11 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
diff --git a/src/pluto/pluto.8 b/src/pluto/pluto.8
index 58cb15091..1efb1a6f7 100644
--- a/src/pluto/pluto.8
+++ b/src/pluto/pluto.8
@@ -1,8 +1,14 @@
.TH IPSEC_PLUTO 8 "28 March 1999"
.SH NAME
+<<<<<<< HEAD
ipsec pluto \- IPsec IKE keying daemon
.br
ipsec whack \- control interface for IPSEC keying daemon
+=======
+pluto \- IPsec IKE keying daemon and control interface
+.PP
+whack \- control interface for IKE keying daemon
+>>>>>>> upstream/4.5.1
.SH SYNOPSIS
.na
.nh
@@ -1009,7 +1015,11 @@ specifies the name of the operation to be performed
\fBup-host\fP, \fBup-client\fP,
\fBdown-host\fP, or \fBdown-client\fP). If the address family for
security gateway to security gateway communications is IPv6, then
+<<<<<<< HEAD
a suffix of -v6 is added to the verb.
+=======
+a suffix of \-v6 is added to the verb.
+>>>>>>> upstream/4.5.1
.TP
\fBPLUTO_CONNECTION\fP
is the name of the connection for which we are routing.
@@ -1571,7 +1581,11 @@ rejected with ECONNREFUSED (kernel supplied no details)''. John
Denker suggests that this command is useful for tracking down the
source of these problems:
.br
+<<<<<<< HEAD
tcpdump -i eth0 icmp[0] != 8 and icmp[0] != 0
+=======
+ tcpdump \-i eth0 icmp[0] != 8 and icmp[0] != 0
+>>>>>>> upstream/4.5.1
.br
Substitute your public interface for eth0 if it is different.
.LP
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index d717beb15..b76f02845 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -255,8 +255,13 @@ bool verify_x509cert(cert_t *cert, bool strict, time_t *until)
unlock_authcert_list("verify_x509cert");
/* check path length constraint */
+<<<<<<< HEAD
pathlen_constraint = x509->get_pathLenConstraint(x509);
if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
+=======
+ pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN);
+ if (pathlen_constraint != X509_NO_CONSTRAINT &&
+>>>>>>> upstream/4.5.1
pathlen > pathlen_constraint)
{
plog("path length of %d violates constraint of %d",
@@ -450,8 +455,13 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
}
/* list optional pathLenConstraint */
+<<<<<<< HEAD
pathlen = x509->get_pathLenConstraint(x509);
if (pathlen != X509_NO_PATH_LEN_CONSTRAINT)
+=======
+ pathlen = x509->get_constraint(x509, X509_PATH_LEN);
+ if (pathlen != X509_NO_CONSTRAINT)
+>>>>>>> upstream/4.5.1
{
whack_log(RC_COMMENT, " pathlen: %d", pathlen);
}