aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Handle tag separatorsAndreas Steffen2014-04-152-13/+16
|
* Renewed expired user certificateAndreas Steffen2014-04-157-49/+75
|
* Updated SWID scenariosAndreas Steffen2014-04-156-4/+18
|
* swid_generator software-id does not generate empty lines any moreAndreas Steffen2014-04-151-5/+0
|
* Added result information to TPMRA workitemsAndreas Steffen2014-04-158-62/+94
| | | | On the occasion got rid of complicated functional component stuff
* Indicate IMV in assessment log statementAndreas Steffen2014-04-151-4/+14
|
* Implemented segmented SWID tag attributes on IMV sideAndreas Steffen2014-04-1558-71/+178
|
* Use python-based swidGenerator to generated SWID tagsAndreas Steffen2014-04-1538-232/+717
|
* Updated imv database templatesAndreas Steffen2014-04-152-14/+15
|
* Optimized PTS measurementsAndreas Steffen2014-04-1512-294/+132
|
* Use cached pid for product-based package accessAndreas Steffen2014-04-152-40/+17
|
* Make Attestation IMV independent of OS IMVAndreas Steffen2014-04-1527-52/+446
|
* Separated IMV session management from IMV policy databaseAndreas Steffen2014-04-1538-1343/+1786
|
* Renamed the AIK public key parameter to imc-attestation.aik_pubkeyAndreas Steffen2014-04-152-2/+2
|
* Implemented configurable Device ID in OS IMCAndreas Steffen2014-04-152-11/+97
|
* Version bump to 5.2.0dr1Andreas Steffen2014-04-151-1/+1
|
* Version bump to 5.1.35.1.3Andreas Steffen2014-04-141-1/+1
|
* NEWS: Added info about CVE-2014-2338Tobias Brunner2014-04-141-0/+6
|
* ikev2: Reject CREATE_CHILD_SA exchange on unestablished IKE_SAsMartin Willi2014-04-141-0/+9
| | | | | | | Prevents a responder peer to trick us into established state by starting IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH. Fixes CVE-2014-2338.
* eap-mschapv2: Fix potential leaks in case of invalid messages from serversTobias Brunner2014-04-091-0/+4
|
* pts: Make sure the complete AIK blob has been readTobias Brunner2014-04-091-1/+2
|
* attr: Don't shift the 32-bit netmask by 32Tobias Brunner2014-04-091-3/+6
| | | | | | | | | | This is undefined behavior as per the C99 standard (sentence 1185): "If the value of the right operand is negative or is greater or equal to the width of the promoted left operand, the behavior is undefined." Apparently shifts may be done modulo the width on some platforms so a shift by 32 would not shift at all.
* nm: Fix NULL-pointer dereference when handling TUN device failureTobias Brunner2014-04-091-1/+0
|
* x509: Don't include authKeyIdentifier in self-signed certificatesTobias Brunner2014-04-091-1/+1
| | | | | As the comment indicates this was the intention in d7be2906433a7dcfefc1fd732587865688dbfe1b all along.
* x509: Initialize certs when building optionalSignature for OCSP requestsTobias Brunner2014-04-091-1/+1
|
* stroke: Fix memory leak when printing unknown AC group OIDsTobias Brunner2014-04-091-0/+1
|
* pki: Fix memory leak when printing unknown AC group OIDsTobias Brunner2014-04-091-0/+1
|
* pki: Removed extra continue statementTobias Brunner2014-04-091-1/+0
|
* Added support for msSmartcardLogon EKUAndreas Steffen2014-04-086-16/+37
|
* Added some more OIDsAndreas Steffen2014-04-081-1/+20
|
* Initialize m1 to suppress compiler warningAndreas Steffen2014-04-071-1/+1
|
* Fixed another dirname/basename refactoring bug.Andreas Steffen2014-04-071-1/+3
| | | | file was freed before use.
* Fixed dirname/basename refactoring bug.Andreas Steffen2014-04-071-11/+10
| | | | Variables used in a database query have to be kept until the end of the enumeration
* Added SHA3 OIDsAndreas Steffen2014-04-041-6/+12
|
* Fixed pretest script in tnc/tnccs-20-pt-tls scenarioAndreas Steffen2014-04-041-1/+1
|
* ike-cfg: Properly compare IKE proposals for equality5.1.3rc1Tobias Brunner2014-04-031-1/+1
|
* leak-detective: LEAK_DETECTIVE_DISABLE completely disables LDTobias Brunner2014-04-033-17/+23
| | | | | If lib->leak_detective is non-null some code parts (e.g. the plugin loader) assume LD is actually used.
* testing: Run 'conntrack -F' before all test scenariosTobias Brunner2014-04-0228-41/+14
| | | | This prevents failures due to remaining conntrack entries.
* unit-tests: Verify two bytes at once when testing chunk_clear()Tobias Brunner2014-04-021-3/+6
| | | | | This reduces the chances of arbitrary test failures if the memory area already got overwritten.
* Merge branch 'tls-unit-tests'Martin Willi2014-04-0124-38/+988
|\ | | | | | | | | | | Add some initial unit-tests to libtls, testing all supported cipher suites against self, both with and without client authentication, for all supported TLS versions.
| * tls: Add a test case to check correct enum name mapping of cipher suitesMartin Willi2014-04-013-0/+250
| |
| * tls: Add socket based tests testing all supported suites with TLS 1.2/1.1/1.0Martin Willi2014-04-013-0/+527
| |
| * tls: Remove superfluous initializers in TLS AEAD implementationsMartin Willi2014-04-014-4/+0
| |
| * tls: Support a maximum TLS version to negotiate using TLS socket abstractionMartin Willi2014-04-016-7/+9
| |
| * tls: Support a null encryption flag on TLS socket abstractionMartin Willi2014-04-015-7/+21
| |
| * tls: Introduce a generic TLS purpose that accepts NULL encryption ciphersMartin Willi2014-04-014-2/+8
| |
| * tls: Export a function to list supported TLS cipher suitesMartin Willi2014-04-012-18/+66
| |
| * tls: Create a unit-test runnerMartin Willi2014-04-016-0/+94
| |
| * unit-tests: Catch timeouts during test runner deinit functionMartin Willi2014-04-011-6/+18
| | | | | | | | | | | | The test runner deinit function often cancels all threads from the pool. This operation might hang on error conditions, hence we should include that hook in the test timeout to fail properly.
| * unit-tests: Prevent a failing worker thread to go wild after it failsMartin Willi2014-04-011-1/+2
|/ | | | | | A worker raises SIGUSR1 to inform the main thread that the test fails. The main thread then starts cancelling workers, but the offending thread should be terminated immediately to prevent it from test continuation.