aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* stroke: Add an option to prevent log level changes via stroke socketTobias Brunner2014-01-232-2/+18
|
* pki: Make sure no command registers too many optionsTobias Brunner2014-01-232-4/+11
|
* pki: Increase MAX_COMMANDS to cover all currently available commandsTobias Brunner2014-01-231-2/+2
| | | | Fixes #452.
* pki: Print a warning if MAX_COMMANDS is too lowTobias Brunner2014-01-231-0/+7
|
* pki: Properly use ?: when defining option arraysTobias Brunner2014-01-231-2/+2
|
* configure: Add -Wno-format-security to default CFLAGSTobias Brunner2014-01-231-1/+1
| | | | | | Either due to a change in Ubuntu 13.10 or GCC 4.8 -Wno-format has no effect if -Wformat-security is enabled (which it is on Ubuntu) so we also disable the latter by default.
* agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socketTobias Brunner2014-01-234-14/+10
| | | | This is also required if charon-cmd is used with capability dropping.
* ike: Simplify error handling if name resolution failedTobias Brunner2014-01-231-16/+3
| | | | | | | This avoids a second name resolution attempt just to determine if %any etc. was configured. Fixes #440.
* ike: Use proper hostname(s) when name resolution failedTobias Brunner2014-01-231-1/+1
| | | | | | Was wrong since 0edce687675df8f10f4026fa12a8fc3b3dd003f5. Fixes #440.
* ikev2: Wipe (optional) shared secret during CHILD_SA key derivationTobias Brunner2014-01-231-11/+14
|
* checksum must be the last subdir includedTobias Brunner2014-01-231-4/+4
| | | | | | | Otherwise charon-cmd will not yet be installed when the checksums are calculated (now from the install dir, not the build dir). Fixes #496.
* unit-tests: Pass a test suite collection name to print during test executionMartin Willi2014-01-224-9/+12
| | | | | As we except to get more and more test runners for the different components, we add a name to easily identify them on the test output.
* array: Add an array_get() functionMartin Willi2014-01-223-3/+44
|
* watcher: Don't complain if select() syscall got interruptedMartin Willi2014-01-221-1/+1
|
* stream: Make sure no watcher callback is active while changing stream callbacksMartin Willi2014-01-221-14/+3
| | | | | | | | | | | When changing async callbacks on streams, we have to make sure the watcher callback is not currently active and has temporarily disabled callbacks. This could have been the case, as we didn't explicitly removed any pending watcher registration if both callbacks are NULL. By enforcing the watcher unregistration, we are sure the watcher callback is not active and currently is not mangling the callback hooks. This should make sure we avoid any races for the callback variables.
* checksum: Read executables from DESTDIRTobias Brunner2014-01-211-7/+7
| | | | | | | This allows to recreate the checksums after the installed binaries have been modified e.g. with strip. Fixes #491.
* man: Add documentation of the dhcp interface optionThomas Egerer2014-01-201-0/+5
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* dhcp: Allow binding of socket to particular interfaceThomas Egerer2014-01-201-0/+34
| | | | | | | | | In certain situations it is desirable to bind the send/receive sockets for the DHCP address allocation to a particular interface. With this patch the strongswan.conf option charon.plugins.dhcp.interface can be used to restrict the DHCP communication to a configurable interface. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* proposal: Add possibility to register custom proposal keyword parserThomas Egerer2014-01-202-2/+66
| | | | | | | | | If a proposal string cannot be matched to a token using strcmp (e.g. if you want to register a whole class of algorithms containing their ID, like my_alg_2342), you can use the provided function to register a parser that transforms the given string into a proposal token. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* unit-tests: Add environment variable to reduce the number of generated keysTobias Brunner2014-01-202-2/+14
| | | | | | | If TESTS_REDUCED_KEYLENGTHS is set RSA and ECDSA keys are only generated for the lowest configured key length. Fixes #474.
* unit-tests: Generate RSA key with 768 bits not 786Tobias Brunner2014-01-201-1/+1
|
* ike_sa: Defer task manager destruction after child destructionThomas Egerer2014-01-164-9/+16
| | | | | | | | | | This patch exports the task manager's flush to allow flushing of all queues with one function call from ike_sa->destroy. It allows the access of intact children during task destructoin (see git-commit e44ebdcf) and allows the access of the task manager in child_state_change hook. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Version bump to 5.1.2rc1Andreas Steffen2014-01-162-1/+4
|
* Added TPMRA workitem support in PTS databaseAndreas Steffen2014-01-162-0/+120
|
* printf-hook-builtin: Correctly calculate written bytes in print_in_hook()Martin Willi2014-01-151-3/+7
| | | | | | | | | | The hook data counts remaining buffer bytes, not used ones. Counting them correctly fixes a crash for long hexdumps. Further, print_in_hook() must return the number of bytes that would have been written, not the actually written bytes. This is important, as we allocate a dynamic buffer in bus that relies on the exact byte count. Fixes long hexdumps that got truncated.
* Do PTS measurements only if session initialisation was successful5.1.2dr3Andreas Steffen2014-01-151-7/+22
|
* Starting with 3.1.7 kernel.org replaced bz2 with xz formatAndreas Steffen2014-01-152-5/+5
|
* Version bump to 5.1.2dr3Andreas Steffen2014-01-131-1/+1
|
* Catch AIK errorsAndreas Steffen2014-01-135-51/+57
|
* Do TPM measurements only if there is a TPMRA workitemAndreas Steffen2014-01-137-126/+139
|
* Allow reason strings to be used as workitem result stringAndreas Steffen2014-01-139-46/+82
|
* Attestation IMV processes TPMRA workitemAndreas Steffen2014-01-133-3/+69
|
* Added TPM Remote Attestation (TPMRA) workitemAndreas Steffen2014-01-102-2/+4
|
* checksum: Set rpath including DESTDIR for checksum_builderTobias Brunner2014-01-081-0/+1
| | | | | | | This way libraries to which checksum_builder does not itself link, like libtls and libradius, are found during DESTDIR installs. Fixes #476.
* test-asn1: Fix skipping of >2038 tests on i386Tobias Brunner2014-01-061-35/+35
| | | | | | | | The two constants overflow time_t on i386 (they also produced a compiler warning without type suffix) so the comparison with TIME_32_BIT_SIGNED_MAX did not work as intended. Fixes #477.
* chunk: Fix chunk_mac/hash tests on big-endian systemsTobias Brunner2014-01-061-2/+27
| | | | | | | | Our SipHash-2-4 implementation returns the result in host order, while the test vectors are little-endian. Use a custom comparison function to account for this. Fixes #478.
* utils: Fix %T printf hook on big-endian systemsTobias Brunner2014-01-061-1/+1
| | | | | | | | The cast to a bool* cut of the actual value on big-endian systems if bool was shorter than int because the bool argument to printf gets promoted to an int. Fixes #479.
* checksum: Delay building of checksum_builder until required by make installTobias Brunner2014-01-061-2/+2
| | | | This ensures PLUGINDIR includes any DESTDIR set during make install.
* checksum: Remove unnecessary pluto symbolTobias Brunner2014-01-061-3/+0
|
* stroke: Fix error message if parsing leftsourceip failsTobias Brunner2014-01-061-1/+1
|
* Update PCR even if measurement does not equal reference valueAndreas Steffen2013-12-211-3/+3
|
* tun-device: Include system headers before our ownTobias Brunner2013-12-202-3/+5
| | | | | | | | | | | | | On CentOS 6.5 the sys/capability.h header file defines _LINUX_TYPES_H without actually including that header, preventing its later inclusion here. As library.h (via which the capabilities headers are included) is not actually required in tun_device.[ch], moving the inclusion of tun_device.h would not strictly be necessary. But it's probably a good idea to include our own headers after system headers anyway, for if one of the recursively included files at a later point includes library.h we'd have the same problem again.
* aes-test: Fix compiler warnings from older versions of GCCTobias Brunner2013-12-191-1/+1
|
* Fixed check_file_measurement method in pts_database_tAndreas Steffen2013-12-131-6/+54
|
* unit-tests: NTRU test to check a special branchAndreas Steffen2013-12-081-0/+7
|
* min_MGF_hash_calls parameter is not needed anymoreAndreas Steffen2013-12-072-18/+0
|
* Optimized MGF1 implementationAndreas Steffen2013-12-071-8/+13
|
* Implemented ntru_trits classAndreas Steffen2013-12-079-293/+383
|
* Streamlined DRBG and MGF1 debug outputAndreas Steffen2013-12-073-14/+20
|
* Version bump to 5.1.2dr25.1.2.dr2Andreas Steffen2013-12-061-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-12 12:48:36 +0000