aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* attr: Don't shift the 32-bit netmask by 32Tobias Brunner2014-04-091-3/+6
| | | | | | | | | | This is undefined behavior as per the C99 standard (sentence 1185): "If the value of the right operand is negative or is greater or equal to the width of the promoted left operand, the behavior is undefined." Apparently shifts may be done modulo the width on some platforms so a shift by 32 would not shift at all.
* nm: Fix NULL-pointer dereference when handling TUN device failureTobias Brunner2014-04-091-1/+0
|
* x509: Don't include authKeyIdentifier in self-signed certificatesTobias Brunner2014-04-091-1/+1
| | | | | As the comment indicates this was the intention in d7be2906433a7dcfefc1fd732587865688dbfe1b all along.
* x509: Initialize certs when building optionalSignature for OCSP requestsTobias Brunner2014-04-091-1/+1
|
* stroke: Fix memory leak when printing unknown AC group OIDsTobias Brunner2014-04-091-0/+1
|
* pki: Fix memory leak when printing unknown AC group OIDsTobias Brunner2014-04-091-0/+1
|
* pki: Removed extra continue statementTobias Brunner2014-04-091-1/+0
|
* Added support for msSmartcardLogon EKUAndreas Steffen2014-04-086-16/+37
|
* Added some more OIDsAndreas Steffen2014-04-081-1/+20
|
* Initialize m1 to suppress compiler warningAndreas Steffen2014-04-071-1/+1
|
* Fixed another dirname/basename refactoring bug.Andreas Steffen2014-04-071-1/+3
| | | | file was freed before use.
* Fixed dirname/basename refactoring bug.Andreas Steffen2014-04-071-11/+10
| | | | Variables used in a database query have to be kept until the end of the enumeration
* Added SHA3 OIDsAndreas Steffen2014-04-041-6/+12
|
* Fixed pretest script in tnc/tnccs-20-pt-tls scenarioAndreas Steffen2014-04-041-1/+1
|
* ike-cfg: Properly compare IKE proposals for equality5.1.3rc1Tobias Brunner2014-04-031-1/+1
|
* leak-detective: LEAK_DETECTIVE_DISABLE completely disables LDTobias Brunner2014-04-033-17/+23
| | | | | If lib->leak_detective is non-null some code parts (e.g. the plugin loader) assume LD is actually used.
* testing: Run 'conntrack -F' before all test scenariosTobias Brunner2014-04-0228-41/+14
| | | | This prevents failures due to remaining conntrack entries.
* unit-tests: Verify two bytes at once when testing chunk_clear()Tobias Brunner2014-04-021-3/+6
| | | | | This reduces the chances of arbitrary test failures if the memory area already got overwritten.
* Merge branch 'tls-unit-tests'Martin Willi2014-04-0124-38/+988
|\ | | | | | | | | | | Add some initial unit-tests to libtls, testing all supported cipher suites against self, both with and without client authentication, for all supported TLS versions.
| * tls: Add a test case to check correct enum name mapping of cipher suitesMartin Willi2014-04-013-0/+250
| |
| * tls: Add socket based tests testing all supported suites with TLS 1.2/1.1/1.0Martin Willi2014-04-013-0/+527
| |
| * tls: Remove superfluous initializers in TLS AEAD implementationsMartin Willi2014-04-014-4/+0
| |
| * tls: Support a maximum TLS version to negotiate using TLS socket abstractionMartin Willi2014-04-016-7/+9
| |
| * tls: Support a null encryption flag on TLS socket abstractionMartin Willi2014-04-015-7/+21
| |
| * tls: Introduce a generic TLS purpose that accepts NULL encryption ciphersMartin Willi2014-04-014-2/+8
| |
| * tls: Export a function to list supported TLS cipher suitesMartin Willi2014-04-012-18/+66
| |
| * tls: Create a unit-test runnerMartin Willi2014-04-016-0/+94
| |
| * unit-tests: Catch timeouts during test runner deinit functionMartin Willi2014-04-011-6/+18
| | | | | | | | | | | | The test runner deinit function often cancels all threads from the pool. This operation might hang on error conditions, hence we should include that hook in the test timeout to fail properly.
| * unit-tests: Prevent a failing worker thread to go wild after it failsMartin Willi2014-04-011-1/+2
|/ | | | | | A worker raises SIGUSR1 to inform the main thread that the test fails. The main thread then starts cancelling workers, but the offending thread should be terminated immediately to prevent it from test continuation.
* Test TLS AEAD cipher suitesAndreas Steffen2014-04-0110-10/+17
|
* Added Ubuntu 14.04 to IMV databaseAndreas Steffen2014-03-311-0/+24
|
* Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenarioAndreas Steffen2014-03-311-1/+1
|
* unit-tests: Always load address of testable functionsTobias Brunner2014-03-311-1/+1
| | | | | | | The addresses can actually change as plugins are loaded/unloaded for each test case. Fixes #551.
* settings: Reduce log verbosity if strongswan.conf does not existTobias Brunner2014-03-311-1/+10
| | | | | In some situations we expect strongswan.conf to not exist, for instance, when running the unit tests before installation.
* test-vectors: Renumber AES-GCM test vectors according to original sourceTobias Brunner2014-03-312-16/+100
| | | | Also adds several missing ones.
* Merge branch 'tls-aead'Martin Willi2014-03-3129-479/+1435
|\ | | | | | | | | | | Adds AEAD support to the TLS stack, currently supporting AES-GCM. Brings fixes for TLS record fragmentation, enforcing TLS versions < 1.2 and proper signature scheme support indication.
| * NEWS: Note TLS AEAD modeMartin Willi2014-03-311-0/+3
| |
| * tls: Fix some TLS cipher suite enum namesMartin Willi2014-03-311-3/+3
| | | | | | | | | | It is important to have them mapped correctly, as we use these official TLS identifiers to configure specific TLS suites.
| * tls: Include TLS version announced in Client Hello in encrypted premasterMartin Willi2014-03-311-1/+7
| | | | | | | | | | | | While a hardcoded 1.2 version is fine when we offer that in Client Hello, we should include the actually offered version if it has been reduced before starting the exchange.
| * tls: Check for minimal TLS record length before each record iterationMartin Willi2014-03-311-8/+8
| | | | | | | | | | | | Fixes fragment reassembling if a buffer contains more than one record, but the last record contains a partial TLS record header. Thanks to Nick Saunders and Jamil Nimeh for identifying this issue and providing a fix for it.
| * tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD foundMartin Willi2014-03-311-19/+52
| |
| * tls: Offer TLS signature schemes in ClientHello in order of preferenceMartin Willi2014-03-311-90/+59
| | | | | | | | | | Additionally, we now query plugin features to find out what schemes we exactly support.
| * tls: Define AES-GCM cipher suites from RFC 5288/5289Martin Willi2014-03-311-0/+54
| |
| * tls: Implement the TLS AEAD abstraction for real AEAD modesMartin Willi2014-03-314-8/+262
| |
| * tls: Separate TLS protection to abstracted AEAD modesMartin Willi2014-03-318-325/+874
| | | | | | | | | | | | To better separate the code path for different TLS versions and modes of operation, we introduce a TLS AEAD abstraction. We provide three implementations using traditional transforms, and get prepared for TLS AEAD modes.
| * aead: Support custom AEAD salt sizesMartin Willi2014-03-3117-43/+131
|/ | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeyingMartin Willi2014-03-311-0/+12
| | | | | Works around issues related to system time changes and kernel backends using that system time, such as Linux XFRM.
* revocation: Log error if no OCSP signer candidate foundMartin Willi2014-03-311-1/+1
| | | | Fixes evaluation of ikev2/ocsp-untrusted-cert.
* Merge branch 'ocsp-constraints'Martin Willi2014-03-313-46/+86
|\ | | | | | | | | | | | | Limits cached OCSP verification to responses signed by the CA, a directly delegated signer or a pre-installed OCSP responder certificate. Disables auth config merge for revocation trust-chain strength checkin, as it breaks CA constraints in some scenarios.
| * revocation: Restrict OCSP signing to specific certificatesMartin Willi2014-03-313-10/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to: - The issuing CA of the checked certificate - A directly delegated signer by the same CA, having the OCSP signer constraint - Any locally installed (trusted) certificate having the OCSP signer constraint The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 21:25:47 +0000