summaryrefslogtreecommitdiff
path: root/src/pluto
diff options
context:
space:
mode:
Diffstat (limited to 'src/pluto')
-rw-r--r--src/pluto/Makefile.in4
-rw-r--r--src/pluto/ca.c2
-rw-r--r--src/pluto/crl.c10
-rw-r--r--src/pluto/crypto.c279
-rw-r--r--src/pluto/demux.c2
-rw-r--r--src/pluto/ike_alg.c81
-rw-r--r--src/pluto/ike_alg.h6
-rw-r--r--src/pluto/kernel.c6
-rw-r--r--src/pluto/kernel_alg.c50
-rw-r--r--src/pluto/keys.c8
-rw-r--r--src/pluto/ocsp.c4
-rw-r--r--src/pluto/plugins/xauth/Makefile.in4
-rw-r--r--src/pluto/pluto.810
-rw-r--r--src/pluto/x509.c8
14 files changed, 260 insertions, 214 deletions
diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in
index 080530f86..1428854ee 100644
--- a/src/pluto/Makefile.in
+++ b/src/pluto/Makefile.in
@@ -304,9 +304,7 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -345,6 +343,8 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index 2654774fa..add85def8 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -629,7 +629,7 @@ void add_ca_info(const whack_message_t *msg)
if (strncasecmp(msg->ocspuri, "http", 4) == 0)
ca->ocspuri = clone_str(msg->ocspuri);
else
- plog(" ignoring ocspuri with unkown protocol");
+ plog(" ignoring ocspuri with unknown protocol");
}
/* add crl uris */
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index c8fb107d5..1c9c9a8cc 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -352,7 +352,7 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
x509crl_t *x509crl;
ca_info_t *ca;
enumerator_t *enumerator;
- char *point;
+ x509_cdp_t *cdp;
ca = get_ca_info(issuer, authKeyID);
@@ -376,9 +376,9 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
}
enumerator = x509->create_crl_uri_enumerator(x509);
- while (enumerator->enumerate(enumerator, &point))
+ while (enumerator->enumerate(enumerator, &cdp))
{
- add_distribution_point(crluris, point);
+ add_distribution_point(crluris, cdp->uri);
}
enumerator->destroy(enumerator);
@@ -416,9 +416,9 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
}
enumerator = x509->create_crl_uri_enumerator(x509);
- while (enumerator->enumerate(enumerator, &point))
+ while (enumerator->enumerate(enumerator, &cdp))
{
- add_distribution_point(x509crl->distributionPoints, point);
+ add_distribution_point(x509crl->distributionPoints, cdp->uri);
}
enumerator->destroy(enumerator);
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index 0684de618..f01966c72 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -26,14 +26,15 @@
static struct encrypt_desc encrypt_desc_3des =
{
- algo_type: IKE_ALG_ENCRYPT,
- algo_id: OAKLEY_3DES_CBC,
- algo_next: NULL,
-
- enc_blocksize: DES_BLOCK_SIZE,
- keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
- keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
- keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_3DES_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: DES_BLOCK_SIZE,
+ keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+ keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+ keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
};
#define AES_KEY_MIN_LEN 128
@@ -42,14 +43,15 @@ static struct encrypt_desc encrypt_desc_3des =
static struct encrypt_desc encrypt_desc_aes =
{
- algo_type: IKE_ALG_ENCRYPT,
- algo_id: OAKLEY_AES_CBC,
- algo_next: NULL,
-
- enc_blocksize: AES_BLOCK_SIZE,
- keyminlen: AES_KEY_MIN_LEN,
- keydeflen: AES_KEY_DEF_LEN,
- keymaxlen: AES_KEY_MAX_LEN,
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_AES_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: AES_BLOCK_SIZE,
+ keyminlen: AES_KEY_MIN_LEN,
+ keydeflen: AES_KEY_DEF_LEN,
+ keymaxlen: AES_KEY_MAX_LEN,
};
#define CAMELLIA_KEY_MIN_LEN 128
@@ -58,14 +60,15 @@ static struct encrypt_desc encrypt_desc_aes =
static struct encrypt_desc encrypt_desc_camellia =
{
- algo_type: IKE_ALG_ENCRYPT,
- algo_id: OAKLEY_CAMELLIA_CBC,
- algo_next: NULL,
-
- enc_blocksize: CAMELLIA_BLOCK_SIZE,
- keyminlen: CAMELLIA_KEY_MIN_LEN,
- keydeflen: CAMELLIA_KEY_DEF_LEN,
- keymaxlen: CAMELLIA_KEY_MAX_LEN,
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_CAMELLIA_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: CAMELLIA_BLOCK_SIZE,
+ keyminlen: CAMELLIA_KEY_MIN_LEN,
+ keydeflen: CAMELLIA_KEY_DEF_LEN,
+ keymaxlen: CAMELLIA_KEY_MAX_LEN,
};
#define BLOWFISH_KEY_MIN_LEN 128
@@ -73,14 +76,15 @@ static struct encrypt_desc encrypt_desc_camellia =
static struct encrypt_desc encrypt_desc_blowfish =
{
- algo_type: IKE_ALG_ENCRYPT,
- algo_id: OAKLEY_BLOWFISH_CBC,
- algo_next: NULL,
-
- enc_blocksize: BLOWFISH_BLOCK_SIZE,
- keyminlen: BLOWFISH_KEY_MIN_LEN,
- keydeflen: BLOWFISH_KEY_MIN_LEN,
- keymaxlen: BLOWFISH_KEY_MAX_LEN,
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_BLOWFISH_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: BLOWFISH_BLOCK_SIZE,
+ keyminlen: BLOWFISH_KEY_MIN_LEN,
+ keydeflen: BLOWFISH_KEY_MIN_LEN,
+ keymaxlen: BLOWFISH_KEY_MAX_LEN,
};
#define SERPENT_KEY_MIN_LEN 128
@@ -89,14 +93,15 @@ static struct encrypt_desc encrypt_desc_blowfish =
static struct encrypt_desc encrypt_desc_serpent =
{
- algo_type: IKE_ALG_ENCRYPT,
- algo_id: OAKLEY_SERPENT_CBC,
- algo_next: NULL,
-
- enc_blocksize: SERPENT_BLOCK_SIZE,
- keyminlen: SERPENT_KEY_MIN_LEN,
- keydeflen: SERPENT_KEY_DEF_LEN,
- keymaxlen: SERPENT_KEY_MAX_LEN,
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_SERPENT_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: SERPENT_BLOCK_SIZE,
+ keyminlen: SERPENT_KEY_MIN_LEN,
+ keydeflen: SERPENT_KEY_DEF_LEN,
+ keymaxlen: SERPENT_KEY_MAX_LEN,
};
#define TWOFISH_KEY_MIN_LEN 128
@@ -105,32 +110,35 @@ static struct encrypt_desc encrypt_desc_serpent =
static struct encrypt_desc encrypt_desc_twofish =
{
- algo_type: IKE_ALG_ENCRYPT,
- algo_id: OAKLEY_TWOFISH_CBC,
- algo_next: NULL,
-
- enc_blocksize: TWOFISH_BLOCK_SIZE,
- keydeflen: TWOFISH_KEY_MIN_LEN,
- keyminlen: TWOFISH_KEY_DEF_LEN,
- keymaxlen: TWOFISH_KEY_MAX_LEN,
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_TWOFISH_CBC,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: TWOFISH_BLOCK_SIZE,
+ keydeflen: TWOFISH_KEY_MIN_LEN,
+ keyminlen: TWOFISH_KEY_DEF_LEN,
+ keymaxlen: TWOFISH_KEY_MAX_LEN,
};
static struct encrypt_desc encrypt_desc_twofish_ssh =
{
- algo_type: IKE_ALG_ENCRYPT,
- algo_id: OAKLEY_TWOFISH_CBC_SSH,
- algo_next: NULL,
-
- enc_blocksize: TWOFISH_BLOCK_SIZE,
- keydeflen: TWOFISH_KEY_MIN_LEN,
- keyminlen: TWOFISH_KEY_DEF_LEN,
- keymaxlen: TWOFISH_KEY_MAX_LEN,
+ algo_type: IKE_ALG_ENCRYPT,
+ algo_id: OAKLEY_TWOFISH_CBC_SSH,
+ plugin_name: NULL,
+ algo_next: NULL,
+
+ enc_blocksize: TWOFISH_BLOCK_SIZE,
+ keydeflen: TWOFISH_KEY_MIN_LEN,
+ keyminlen: TWOFISH_KEY_DEF_LEN,
+ keymaxlen: TWOFISH_KEY_MAX_LEN,
};
static struct hash_desc hash_desc_md5 =
{
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_MD5,
+ plugin_name: NULL,
algo_next: NULL,
hash_digest_size: HASH_SIZE_MD5,
};
@@ -139,6 +147,7 @@ static struct hash_desc hash_desc_sha1 =
{
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA,
+ plugin_name: NULL,
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA1,
};
@@ -146,6 +155,7 @@ static struct hash_desc hash_desc_sha1 =
static struct hash_desc hash_desc_sha2_256 = {
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA2_256,
+ plugin_name: NULL,
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA256,
};
@@ -153,6 +163,7 @@ static struct hash_desc hash_desc_sha2_256 = {
static struct hash_desc hash_desc_sha2_384 = {
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA2_384,
+ plugin_name: NULL,
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA384,
};
@@ -160,120 +171,136 @@ static struct hash_desc hash_desc_sha2_384 = {
static struct hash_desc hash_desc_sha2_512 = {
algo_type: IKE_ALG_HASH,
algo_id: OAKLEY_SHA2_512,
+ plugin_name: NULL,
algo_next: NULL,
hash_digest_size: HASH_SIZE_SHA512,
};
const struct dh_desc unset_group = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_NONE,
- algo_next: NULL,
- ke_size: 0
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_NONE,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 0
};
static struct dh_desc dh_desc_modp_1024 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_1024_BIT,
- algo_next: NULL,
- ke_size: 1024 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_1024_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 1024 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_1536 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_1536_BIT,
- algo_next: NULL,
- ke_size: 1536 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_1536_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 1536 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_2048 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_2048_BIT,
- algo_next: NULL,
- ke_size: 2048 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_BIT,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_3072 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_3072_BIT,
- algo_next: NULL,
- ke_size: 3072 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_3072_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 3072 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_4096 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_4096_BIT,
- algo_next: NULL,
- ke_size: 4096 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_4096_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 4096 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_6144 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_6144_BIT,
- algo_next: NULL,
- ke_size: 6144 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_6144_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 6144 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_8192 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_8192_BIT,
- algo_next: NULL,
- ke_size: 8192 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_8192_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 8192 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_ecp_256 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: ECP_256_BIT,
- algo_next: NULL,
- ke_size: 2*256 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_256_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*256 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_ecp_384 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: ECP_384_BIT,
- algo_next: NULL,
- ke_size: 2*384 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_384_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*384 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_ecp_521 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: ECP_521_BIT,
- algo_next: NULL,
- ke_size: 2*528 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_521_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*528 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_1024_160 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_1024_160,
- algo_next: NULL,
- ke_size: 1024 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_1024_160,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 1024 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_2048_224 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_2048_224,
- algo_next: NULL,
- ke_size: 2048 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_224,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_modp_2048_256 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: MODP_2048_256,
- algo_next: NULL,
- ke_size: 2048 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: MODP_2048_256,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2048 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_ecp_192 = {
- algo_type: IKE_ALG_DH_GROUP,
- algo_id: ECP_192_BIT,
- algo_next: NULL,
- ke_size: 2*192 / BITS_PER_BYTE
+ algo_type: IKE_ALG_DH_GROUP,
+ algo_id: ECP_192_BIT,
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*192 / BITS_PER_BYTE
};
static struct dh_desc dh_desc_ecp_224 = {
algo_type: IKE_ALG_DH_GROUP,
algo_id: ECP_224_BIT,
- algo_next: NULL,
- ke_size: 2*224 / BITS_PER_BYTE
+ plugin_name: NULL,
+ algo_next: NULL,
+ ke_size: 2*224 / BITS_PER_BYTE
};
bool init_crypto(void)
@@ -282,11 +309,12 @@ bool init_crypto(void)
encryption_algorithm_t encryption_alg;
hash_algorithm_t hash_alg;
diffie_hellman_group_t dh_group;
+ const char *plugin_name;
bool no_md5 = TRUE;
bool no_sha1 = TRUE;
enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &hash_alg))
+ while (enumerator->enumerate(enumerator, &hash_alg, &plugin_name))
{
const struct hash_desc *desc;
@@ -312,7 +340,7 @@ bool init_crypto(void)
default:
continue;
}
- ike_alg_add((struct ike_alg *)desc);
+ ike_alg_add((struct ike_alg *)desc, plugin_name);
}
enumerator->destroy(enumerator);
@@ -326,7 +354,7 @@ bool init_crypto(void)
}
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &encryption_alg))
+ while (enumerator->enumerate(enumerator, &encryption_alg, &plugin_name))
{
const struct encrypt_desc *desc;
@@ -346,7 +374,8 @@ bool init_crypto(void)
break;
case ENCR_TWOFISH_CBC:
desc = &encrypt_desc_twofish;
- ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh);
+ ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh,
+ plugin_name);
break;
case ENCR_SERPENT_CBC:
desc = &encrypt_desc_serpent;
@@ -354,12 +383,12 @@ bool init_crypto(void)
default:
continue;
}
- ike_alg_add((struct ike_alg *)desc);
+ ike_alg_add((struct ike_alg *)desc, plugin_name);
}
enumerator->destroy(enumerator);
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &dh_group))
+ while (enumerator->enumerate(enumerator, &dh_group, &plugin_name))
{
const struct dh_desc *desc;
@@ -413,7 +442,7 @@ bool init_crypto(void)
default:
continue;
}
- ike_alg_add((struct ike_alg *)desc);
+ ike_alg_add((struct ike_alg *)desc, plugin_name);
}
enumerator->destroy(enumerator);
return TRUE;
diff --git a/src/pluto/demux.c b/src/pluto/demux.c
index 0590a3585..249e645ed 100644
--- a/src/pluto/demux.c
+++ b/src/pluto/demux.c
@@ -1147,7 +1147,7 @@ read_packet(struct msg_digest *md)
}
else if (from_ugh != NULL)
{
- plog("recvfrom on %s returned misformed source sockaddr: %s"
+ plog("recvfrom on %s returned malformed source sockaddr: %s"
, ifp->rname, from_ugh);
return FALSE;
}
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c
index 08353907e..a36b5ce4e 100644
--- a/src/pluto/ike_alg.c
+++ b/src/pluto/ike_alg.c
@@ -72,7 +72,7 @@ static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id,
/**
* "raw" ike_alg list adding function
*/
-int ike_alg_add(struct ike_alg* a)
+int ike_alg_add(struct ike_alg* a, const char *plugin_name)
{
if (a->algo_type > IKE_ALG_MAX)
{
@@ -96,6 +96,7 @@ int ike_alg_add(struct ike_alg* a)
e = *ep;
}
*ep = a;
+ a->plugin_name = plugin_name;
a->algo_next = e;
return 0;
}
@@ -304,63 +305,71 @@ fail:
}
/**
+ * Print the name of an algorithm plus the name of the plugin that registered it
+ */
+static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type,
+ const char *plugin_name)
+{
+ char alg_name[BUF_LEN];
+ int alg_name_len;
+
+ alg_name_len = sprintf(alg_name, " %s[%s]", enum_name(alg_names, alg_type),
+ plugin_name);
+ if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE)
+ {
+ whack_log(RC_COMMENT, "%s", buf);
+ *len = sprintf(buf, " ");
+ }
+ sprintf(buf + *len, "%s", alg_name);
+ *len += alg_name_len;
+}
+
+/**
* Show registered IKE algorithms
*/
void ike_alg_list(void)
{
+ rng_quality_t quality;
+ enumerator_t *enumerator;
+ const char *plugin_name;
char buf[BUF_LEN];
- char *pos;
- int n, len;
+ int len;
struct ike_alg *a;
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of registered IKEv1 Algorithms:");
whack_log(RC_COMMENT, " ");
- pos = buf;
- *pos = '\0';
- len = BUF_LEN;
+ len = sprintf(buf, " encryption:");
for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
{
- n = snprintf(pos, len, " %s", enum_name(&oakley_enc_names, a->algo_id));
- pos += n;
- len -= n;
- if (len <= 0)
- {
- break;
- }
+ print_alg(buf, &len, &oakley_enc_names, a->algo_id, a->plugin_name);
}
- whack_log(RC_COMMENT, " encryption:%s", buf);
+ whack_log(RC_COMMENT, "%s", buf);
- pos = buf;
- *pos = '\0';
- len = BUF_LEN;
+ len = sprintf(buf, " integrity: ");
for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
{
- n = snprintf(pos, len, " %s", enum_name(&oakley_hash_names, a->algo_id));
- pos += n;
- len -= n;
- if (len <= 0)
- {
- break;
- }
+ print_alg(buf, &len, &oakley_hash_names, a->algo_id, a->plugin_name);
}
- whack_log(RC_COMMENT, " integrity: %s", buf);
+ whack_log(RC_COMMENT, "%s", buf);
- pos = buf;
- *pos = '\0';
- len = BUF_LEN;
+ len = sprintf(buf, " dh-group: ");
for (a = ike_alg_base[IKE_ALG_DH_GROUP]; a != NULL; a = a->algo_next)
{
- n = snprintf(pos, len, " %s", enum_name(&oakley_group_names, a->algo_id));
- pos += n;
- len -= n;
- if (len <= 0)
- {
- break;
- }
+ print_alg(buf, &len, &oakley_group_names, a->algo_id, a->plugin_name);
+ }
+ whack_log(RC_COMMENT, "%s", buf);
+
+ len = sprintf(buf, " random-gen:");
+ enumerator = lib->crypto->create_rng_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &quality, &plugin_name))
+ {
+ len += sprintf(buf + len, " %N[%s]", rng_quality_names, quality,
+ plugin_name);
}
- whack_log(RC_COMMENT, " dh-group: %s", buf);
+ enumerator->destroy(enumerator);
+ whack_log(RC_COMMENT, "%s", buf);
}
/**
diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h
index 458d14c3a..c3ce8bb38 100644
--- a/src/pluto/ike_alg.h
+++ b/src/pluto/ike_alg.h
@@ -22,12 +22,14 @@
struct ike_alg {
u_int16_t algo_type;
u_int16_t algo_id;
+ const char *plugin_name;
struct ike_alg *algo_next;
};
struct encrypt_desc {
u_int16_t algo_type;
u_int16_t algo_id;
+ const char *plugin_name;
struct ike_alg *algo_next;
size_t enc_blocksize;
@@ -39,6 +41,7 @@ struct encrypt_desc {
struct hash_desc {
u_int16_t algo_type;
u_int16_t algo_id;
+ const char *plugin_name;
struct ike_alg *algo_next;
size_t hash_digest_size;
@@ -47,6 +50,7 @@ struct hash_desc {
struct dh_desc {
u_int16_t algo_type;
u_int16_t algo_id;
+ const char *plugin_name;
struct ike_alg *algo_next;
size_t ke_size;
@@ -57,7 +61,7 @@ struct dh_desc {
#define IKE_ALG_DH_GROUP 2
#define IKE_ALG_MAX IKE_ALG_DH_GROUP
-extern int ike_alg_add(struct ike_alg *a);
+extern int ike_alg_add(struct ike_alg *a, const char *plugin_name);
extern struct hash_desc *ike_alg_get_hasher(u_int alg);
extern struct encrypt_desc *ike_alg_get_crypter(u_int alg);
extern struct dh_desc *ike_alg_get_dh_group(u_int alg);
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index e57822ffb..104b6c2d4 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -1183,7 +1183,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src,
host_dst, ipcomp_spi, said_next->proto, c->spd.reqid,
- mark, &lt_none, ENCR_UNDEFINED, chunk_empty,
+ mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
AUTH_UNDEFINED, chunk_empty, mode,
st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE,
inbound, NULL, NULL) != SUCCESS)
@@ -1292,7 +1292,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src,
host_dst, esp_spi, said_next->proto, c->spd.reqid,
- mark, &lt_none, enc_alg, enc_key,
+ mark, 0, &lt_none, enc_alg, enc_key,
auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
encap, inbound, NULL, NULL) != SUCCESS)
{
@@ -1325,7 +1325,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src,
host_dst, ah_spi, said_next->proto, c->spd.reqid,
- mark, &lt_none, ENCR_UNDEFINED, chunk_empty,
+ mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
FALSE, inbound, NULL, NULL) != SUCCESS)
{
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index 2a195cffc..c82c376f8 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -397,55 +397,55 @@ struct sadb_alg* kernel_alg_esp_sadb_alg(u_int alg_id)
return sadb_alg;
}
+/**
+ * Print the name of a kernel algorithm
+ */
+static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type)
+{
+ char alg_name[BUF_LEN];
+ int alg_name_len;
+
+ alg_name_len = sprintf(alg_name, " %s", enum_name(alg_names, alg_type));
+ if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE)
+ {
+ whack_log(RC_COMMENT, "%s", buf);
+ *len = sprintf(buf, " ");
+ }
+ sprintf(buf + *len, "%s", alg_name);
+ *len += alg_name_len;
+}
+
void kernel_alg_list(void)
{
char buf[BUF_LEN];
- char *pos;
- int n, len;
+ int len;
u_int sadb_id;
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of registered ESP Algorithms:");
whack_log(RC_COMMENT, " ");
- pos = buf;
- *pos = '\0';
- len = BUF_LEN;
+ len = sprintf(buf, " encryption:");
for (sadb_id = 1; sadb_id <= SADB_EALG_MAX; sadb_id++)
{
if (ESP_EALG_PRESENT(sadb_id))
{
- n = snprintf(pos, len, " %s",
- enum_name(&esp_transform_names, sadb_id));
- pos += n;
- len -= n;
- if (len <= 0)
- {
- break;
- }
+ print_alg(buf, &len, &esp_transform_names, sadb_id);
}
}
- whack_log(RC_COMMENT, " encryption:%s", buf);
+ whack_log(RC_COMMENT, "%s", buf);
- pos = buf;
- *pos = '\0';
- len = BUF_LEN;
+ len = sprintf(buf, " integrity: ");
for (sadb_id = 1; sadb_id <= SADB_AALG_MAX; sadb_id++)
{
if (ESP_AALG_PRESENT(sadb_id))
{
u_int aaid = alg_info_esp_sadb2aa(sadb_id);
- n = snprintf(pos, len, " %s", enum_name(&auth_alg_names, aaid));
- pos += n;
- len -= n;
- if (len <= 0)
- {
- break;
- }
+ print_alg(buf, &len, &auth_alg_names, aaid);
}
}
- whack_log(RC_COMMENT, " integrity: %s", buf);
+ whack_log(RC_COMMENT, "%s", buf);
}
void kernel_alg_show_connection(connection_t *c, const char *instance)
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index a79c2c0d2..86b46c6c1 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -902,6 +902,7 @@ static void process_secret(secret_t *s, int whackfd)
{
loglog(RC_LOG_SERIOUS, "\"%s\" line %d: %s"
, flp->filename, flp->lino, ugh);
+ s->ids->destroy_offset(s->ids, offsetof(identification_t, destroy));
free(s);
}
else if (flushline("expected record boundary in key"))
@@ -1010,8 +1011,11 @@ static void process_secret_records(int whackfd)
if (!shift())
{
/* unexpected Record Boundary or EOF */
- loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end of id list"
- , flp->filename, flp->lino);
+ loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end"
+ " of id list", flp->filename, flp->lino);
+ s->ids->destroy_offset(s->ids,
+ offsetof(identification_t, destroy));
+ free(s);
break;
}
}
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index 8a351be6d..a3694b7b5 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -1045,8 +1045,8 @@ static bool valid_ocsp_response(response_t *res)
)
/* check path length constraint */
- pathlen_constraint = x509->get_pathLenConstraint(x509);
- if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
+ pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN);
+ if (pathlen_constraint != X509_NO_CONSTRAINT &&
pathlen > pathlen_constraint)
{
plog("path length of %d violates constraint of %d",
diff --git a/src/pluto/plugins/xauth/Makefile.in b/src/pluto/plugins/xauth/Makefile.in
index b2ffb11db..358805cc4 100644
--- a/src/pluto/plugins/xauth/Makefile.in
+++ b/src/pluto/plugins/xauth/Makefile.in
@@ -218,9 +218,7 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -259,6 +257,8 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
diff --git a/src/pluto/pluto.8 b/src/pluto/pluto.8
index 58cb15091..9ac537bd9 100644
--- a/src/pluto/pluto.8
+++ b/src/pluto/pluto.8
@@ -1,8 +1,8 @@
.TH IPSEC_PLUTO 8 "28 March 1999"
.SH NAME
-ipsec pluto \- IPsec IKE keying daemon
-.br
-ipsec whack \- control interface for IPSEC keying daemon
+pluto \- IPsec IKE keying daemon and control interface
+.PP
+whack \- control interface for IKE keying daemon
.SH SYNOPSIS
.na
.nh
@@ -1009,7 +1009,7 @@ specifies the name of the operation to be performed
\fBup-host\fP, \fBup-client\fP,
\fBdown-host\fP, or \fBdown-client\fP). If the address family for
security gateway to security gateway communications is IPv6, then
-a suffix of -v6 is added to the verb.
+a suffix of \-v6 is added to the verb.
.TP
\fBPLUTO_CONNECTION\fP
is the name of the connection for which we are routing.
@@ -1571,7 +1571,7 @@ rejected with ECONNREFUSED (kernel supplied no details)''. John
Denker suggests that this command is useful for tracking down the
source of these problems:
.br
- tcpdump -i eth0 icmp[0] != 8 and icmp[0] != 0
+ tcpdump \-i eth0 icmp[0] != 8 and icmp[0] != 0
.br
Substitute your public interface for eth0 if it is different.
.LP
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index d717beb15..7e2aca862 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -255,8 +255,8 @@ bool verify_x509cert(cert_t *cert, bool strict, time_t *until)
unlock_authcert_list("verify_x509cert");
/* check path length constraint */
- pathlen_constraint = x509->get_pathLenConstraint(x509);
- if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
+ pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN);
+ if (pathlen_constraint != X509_NO_CONSTRAINT &&
pathlen > pathlen_constraint)
{
plog("path length of %d violates constraint of %d",
@@ -450,8 +450,8 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
}
/* list optional pathLenConstraint */
- pathlen = x509->get_pathLenConstraint(x509);
- if (pathlen != X509_NO_PATH_LEN_CONSTRAINT)
+ pathlen = x509->get_constraint(x509, X509_PATH_LEN);
+ if (pathlen != X509_NO_CONSTRAINT)
{
whack_log(RC_COMMENT, " pathlen: %d", pathlen);
}