Commit message [Author, Age, Files, Lines]
...
* | Allow callers to force ASN.1 date encoding as GENERALIZEDTIME. [Tobias Brunner, 2011-12-23, 6 files, -14/+16]
| |
* | Avoid integer overflow when parsing ASN.1 dates. [Tobias Brunner, 2011-12-23, 1 file, -2/+2]
| |   This only works properly if sizeof(time_t) > 4.
* | pki: Avoid integer overflow when calculating certificate lifetimes. [Tobias Brunner, 2011-12-23, 3 files, -3/+3]
| |   This only works properly if sizeof(time_t) > 4.
* | Properly ASN.1 encode dates in certificates depending on the year. [Tobias Brunner, 2011-12-23, 6 files, -16/+21]
| |
* | pluto: Fixed expiration date test. [Tobias Brunner, 2011-12-23, 1 file, -2/+1]
| |
* | Fix deadlock in trap_manager_t during acquire. [Tobias Brunner, 2011-12-23, 1 file, -28/+43]
| |   Also fixes a TOCTOU issue regarding the use of entry_t.pending.
| |
| |   The deadlock was caused because the rwlock was being locked while
| |   waiting for an IKE_SA. Triggering the deadlock was a bit tricky, here is
| |   the description by Thomas Egerer (the reporter of this issue):
| |
| |   "
| |   The deadlock occurs when the following happens (in the given order):
| |   a) an IKE_SA is built and a thread is processing the IKE_AUTH request,
| |      which can take a bit longer when a smartcard is involved. This causes
| |      the ike_sa_manager to lock a particular IKE_SA exclusively.
| |   b) an acquire is triggered which causes the rwlock in the trap_manager
| |      to be read-locked, the subsequent call to
| |      ike_sa_manager->checkout_by_config has to wait until a) unlocks its
| |      ike_sa.
| |   c) a child_cfg contained in the peer_cfg belonging to the ike_sa a) has
| |      locked is routed causes the child_configs contained in the peer
| |      config to be locked by c) while the actual routing code within
| |      trap_manager tries to writelock its rwlock.
| |
| |   That's about it. As soon as a) finishes authentication of the peer and
| |   tries to find a matching child sa it will try to lock the child configs
| |   of the peer config which is not possible since it has been locked by c).
| |
| |    Thread | Resource locked                | Resource desired
| |    -------+--------------------------------+--------------------------------
| |     (a)   | ike_sa in ike_sa_manager       | child_cfgs of peer_cfg
| |           |                                |
| |     (b)   | rwlock in trap-manager (read)  | ike_sa in ike_sa_manager
| |           |                                |
| |     (c)   | child_cfgs of peer_cfg         | rwlock in trap-manager (write)
| |   "
| |
| |   With this patch thread (b) now does not hold the lock while waiting for
| |   the IKE_SA. Thus (c) can get the write lock, and (a) can subsequently
| |   lock the mutex in the peer_cfg which then finally allows (b) to checkout
| |   the IKE_SA.
* | Added atomic compare and swap operations. [Tobias Brunner, 2011-12-23, 2 files, -0/+48]
| |   Using a GCC atomic builtin if available or a global mutex otherwise.
* | Fixed flush() method of trap_manager_t. [Tobias Brunner, 2011-12-23, 1 file, -3/+9]
| |   A segmentation fault could have happened during destruction of the trap manager after calling flush().
* | made ikev2/reauth-late scenario more robust [Andreas Steffen, 2011-12-21, 2 files, -3/+3]
| |
* | additional state waiting for the EvidenceFinal attribute response [Andreas Steffen, 2011-12-20, 2 files, -0/+8]
| |
* | moved send_message() in front of recommendation evaluation [Andreas Steffen, 2011-12-18, 4 files, -20/+21]
| |
* | added case IMV_ATTESTATION_STATE_END [Andreas Steffen, 2011-12-18, 2 files, -5/+3]
| |
* | TrouSerS expects a bitmask field length of at least 3 bytes [Sansar Choinyambuu, 2011-12-18, 1 file, -1/+5]
| |
* | check for TrouSerS [Andreas Steffen, 2011-12-18, 1 file, -0/+5]
| |
* | added Attestation IMC/IMV to UML build [Andreas Steffen, 2011-12-18, 2 files, -0/+12]
| |
* | build PA-TNC message only if there are PA-TNC attributes to send [Andreas Steffen, 2011-12-18, 3 files, -20/+43]
| |
* | destroy attributes, too [Andreas Steffen, 2011-12-18, 1 file, -1/+1]
| |
* | added reference counts to all PA-TNC attribute classes [Andreas Steffen, 2011-12-18, 19 files, -56/+405]
| |
* | reworded comments and debug output [Andreas Steffen, 2011-12-18, 1 file, -13/+20]
| |
* | Prepend Debian string to Debian version [Andreas Steffen, 2011-12-18, 1 file, -7/+19]
| |
* | removed unused variable [Andreas Steffen, 2011-12-16, 1 file, -1/+0]
| |
* | moved management of additional IMC/IMV IDs to agent [Andreas Steffen, 2011-12-16, 7 files, -83/+146]
| |
* | Also log PGP parsing in ASN log group. [Tobias Brunner, 2011-12-16, 2 files, -19/+19]
| |
* | Log messages for PKCS1 and PEM parsing in ASN log group. [Tobias Brunner, 2011-12-16, 2 files, -11/+11]
| |
* | Log most X.509 related messages in new ASN log group. [Tobias Brunner, 2011-12-16, 5 files, -57/+57]
| |
* | Log ASN.1 parsing in new ASN debug group. [Tobias Brunner, 2011-12-16, 2 files, -26/+26]
| |
* | Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509). [Tobias Brunner, 2011-12-16, 6 files, -3/+11]
| |   This will allow us to remove quite some clutter from the LIB debug group for higher debug levels.
* | Log native thread ID when a thread is created. [Tobias Brunner, 2011-12-16, 2 files, -1/+27]
| |   If possible gettid() is used, otherwise pthread_self() is logged (which is not completely portable, but seems to work on most supported platforms).
* | Log worker thread ID with two digits. [Tobias Brunner, 2011-12-16, 1 file, -2/+2]
| |
* | fixed caption alignment [Andreas Steffen, 2011-12-16, 1 file, -1/+2]
| |
* | Revert "fixed caption alignment" [Andreas Steffen, 2011-12-16, 3 files, -10/+2]
| |   This reverts commit d463def798ed339b143ee9500c2781532394171e.
* | fixed caption alignment [Andreas Steffen, 2011-12-16, 3 files, -2/+10]
| |
* | Make sure the certificate cache is flushed when plugins are unloaded. [Tobias Brunner, 2011-12-15, 3 files, -0/+6]
| |   This avoids segmentation faults when plugins implementing cert_t are already unloaded when the cache is flushed during destruction.
* | Charon also supports type=passthrough|drop. [Tobias Brunner, 2011-12-14, 1 file, -6/+0]
| |
* | Always unlock mutex for installed policies in kernel-netlink plugin. [Thomas Egerer, 2011-12-14, 1 file, -1/+5]
| |
* | Documented xauth_identity in ipsec.conf(5) man page. [Tobias Brunner, 2011-12-14, 1 file, -3/+7]
| |
* | Documented binary secrets in ipsec.secrets(5) man page. [Tobias Brunner, 2011-12-14, 1 file, -9/+14]
| |
* | Added missing libsimaka files to Android.mk. [Tobias Brunner, 2011-12-14, 1 file, -0/+2]
| |
* | Destroy mediation managers before unloading plugins. [Tobias Brunner, 2011-12-14, 1 file, -4/+4]
| |
* | added UML support for IF-MAP interface [Andreas Steffen, 2011-12-12, 2 files, -6/+12]
| |
* | some NEWS entries for 4.6.2 [Andreas Steffen, 2011-12-12, 1 file, -0/+14]
| |
* | version bump to 4.6.2dr2 [Andreas Steffen, 2011-12-12, 1 file, -1/+1]
| |
* | added libimcv.plugins.imc-attestation.aik_blob parameter [Andreas Steffen, 2011-12-11, 1 file, -0/+3]
| |
* | upgraded Test IMC/IMV pair to fully support multiple IMC IDs [Andreas Steffen, 2011-12-11, 7 files, -81/+149]
| |
* | added IETF standard error handling method [Andreas Steffen, 2011-12-11, 8 files, -185/+112]
| |
* | implemented IMC/IMV ReceiveMessageLong functions [Andreas Steffen, 2011-12-09, 11 files, -128/+467]
| |
* | added IMC/IMV support for send_message_long() and reserve_additional_id() functions [Andreas Steffen, 2011-12-09, 14 files, -31/+332]
| |
* | store the long and excl flags in the connection state [Andreas Steffen, 2011-12-09, 10 files, -1/+245]
| |
* | IMC/IMV gets v1.3 attributes from TNCC/TNCS [Andreas Steffen, 2011-12-09, 2 files, -12/+162]
| |
* | implemented ReportMessageTypesLong [Andreas Steffen, 2011-12-08, 2 files, -17/+91]
| |