Commit message [Author, Age, Files, Lines]
...
| * android: Unregister listener in case of error alerts [Tobias Brunner, 2016-12-08, files: 1, lines: -3/+9]
| |
| |     This avoids triggering additional errors via e.g. ike_updown() that might cause the error message displayed in the GUI to change if the status fragment is recreated.
| |
| |     References #2134.
| |
| * android: Report an error for invalid integer values [Tobias Brunner, 2016-12-08, files: 1, lines: -4/+27]
| |
| |     Previously we'd just ignore the invalid values without notifying the user.
| |
| * android: Propose curve25519 in the ESP proposals [Tobias Brunner, 2016-12-08, files: 1, lines: -3/+3]
| |
| * android: Enable curve25519 plugin in the app [Tobias Brunner, 2016-12-08, files: 1, lines: -1/+1]
| |
| * android: Optionally build the curve25519 plugin [Tobias Brunner, 2016-12-08, files: 1, lines: -0/+2]
| |
| * android: Propose ChaCha20/Poly1305 in the ESP AEAD proposals [Tobias Brunner, 2016-12-08, files: 1, lines: -2/+3]
| |
| * android: Enable chapoly plugin in the app [Tobias Brunner, 2016-12-08, files: 1, lines: -1/+1]
| |
| * android: Optionally build the chapoly plugin [Tobias Brunner, 2016-12-08, files: 1, lines: -0/+2]
| |
| * android: Update Gradle plugin and wrapper [Tobias Brunner, 2016-12-08, files: 2, lines: -3/+3]
|/
* ikev1: Minor code optimization in task manager [Thomas Egerer, 2016-12-07, files: 1, lines: -11/+5]
|
|     Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
* travis: The xcode7.3 image is now the default [Tobias Brunner, 2016-12-02, files: 1, lines: -1/+0]
|
* travis: Output config.log on failure [Tobias Brunner, 2016-12-02, files: 1, lines: -0/+3]
|
* configure: Check for actual functions in libraries with AC_CHECK_LIB [Tobias Brunner, 2016-12-02, files: 1, lines: -27/+32]
|
|     Checking for `main` produces code like this in the test program:
|
|         int main () { return main (); ; return 0; }
|
|     This recursive call results in a warning message with some compilers (e.g. Clang in newer Xcode versions: "all paths through this function will call itself [-Winfinite-recursion]"), which lets the tests fail when compiling with -Werror.
|
* plugin-loader: Strip '!' from critical plugin names when setting paths [Tobias Brunner, 2016-11-18, files: 1, lines: -1/+1]
|
* child-sa: Use single return statement in update_usebytes() [Thomas Egerer, 2016-11-18, files: 1, lines: -4/+8]
|
|     Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
* proposal: Remove RFC 5114 MODP DH groups from default proposal [Martin Willi, 2016-11-15, files: 1, lines: -2/+4]
|
|     Recent research demonstrates that at least for 1024-bit DH groups, it is possible to create specially crafted primes having a backdoor. From the prime itself this is not detectable, creating a perfect NOBUS attack.
|
|     http://eprint.iacr.org/2016/961
|
|     For the primes defined in RFC 5114 no information is provided on how these have been selected. In the default proposal we included one of the 2048-bit primes only, where it is questionable if constructing a backdoored prime is feasible. Nevertheless, this patch removes the group from the set of default proposals as well.
|
* Version bump to 5.5.2dr2 (tag: 5.5.2dr2) [Andreas Steffen, 2016-11-14, files: 3, lines: -3/+6]
|
* testing: make curve25519 the default DH group [Andreas Steffen, 2016-11-14, files: 820, lines: -1072/+1050]
|
* proposal: Add curve25519 and curve448 to default proposal [Tobias Brunner, 2016-11-14, files: 1, lines: -0/+2]
|
* configure: Enable curve25519 plugin by default [Tobias Brunner, 2016-11-14, files: 1, lines: -1/+1]
|
* curve25519: Add a portable backend implemented in plain C [Martin Willi, 2016-11-14, files: 4, lines: -0/+647]
|
* curve25519: Add a plugin providing Curve25519 DH using backend drivers [Martin Willi, 2016-11-14, files: 9, lines: -0/+473]
|
* dh-speed: Compare the shared secrets for equality after test [Martin Willi, 2016-11-14, files: 1, lines: -3/+7]
|
* dh-speed: Include the get_my_public_value() call in public exponent timing [Martin Willi, 2016-11-14, files: 1, lines: -4/+4]
|
|     This fixes results where a DH backend does not generate the public value in the constructor internally.
|
* dh-speed: Add an identifier to test curve25519 performance [Martin Willi, 2016-11-14, files: 1, lines: -0/+1]
|
* test-vectors: Add a Curve25519 DH test vector [Martin Willi, 2016-11-14, files: 3, lines: -0/+36]
|
* proposal: Add a curve25519 proposal keyword [Martin Willi, 2016-11-14, files: 1, lines: -0/+1]
|
* diffie-hellman: Add DH group identifiers for Curve25519 and Curve448 [Martin Willi, 2016-11-14, files: 2, lines: -3/+14]
|
* bus: Re-add ampersand that got lost in refactoring [Tobias Brunner, 2016-11-14, files: 1, lines: -1/+1]
|
|     Fixes: 4af02c6c61cf ("bus: Fix maximum log level for different groups after removal of a logger")
|
* peer-cfg: Fix memory leak when replacing child configs [Tobias Brunner, 2016-11-11, files: 1, lines: -0/+1]
|
|     Fixes: 622c2b2c3386 ("peer-cfg: Add method to atomically replace child configs")
|
* bus: Fix maximum log level for different groups after removal of a logger [Tobias Brunner, 2016-11-11, files: 1, lines: -5/+5]
|
|     The log level was incorrectly set to the same value for all groups.
|
|     Fixes: dac15e03c828 ("bus: Fix maximum log levels when mixing log/vlog implementing loggers")
|
* farp: Fix BPF jump false offset [Volker Rümelin, 2016-10-31, files: 1, lines: -1/+1]
|
|     Jump to BPF_STMT(BPF_RET+BPF_K, 0) if protocol_size != 4
|
* Version bump to 5.5.2dr1 (tag: 5.5.2dr1) [Andreas Steffen, 2016-10-30, files: 3, lines: -3/+10]
|
* Fixed in-place update of cached base and delta CRLs [Andreas Steffen, 2016-10-30, files: 1, lines: -4/+4]
|
* Newer CRLs replace older versions of the CRL in the cache [Andreas Steffen, 2016-10-26, files: 1, lines: -0/+39]
|
* connmark: Add CAP_NET_RAW to capabilities keep list [Tim Kent, 2016-10-25, files: 1, lines: -0/+6]
|
|     Fix for "Permission denied (you must be root)" error when calling iptc_init(), which opens a RAW socket to communicate with the kernel, when built with "--with-capabilities=libcap".
|
|     Closes strongswan/strongswan#53.
|     Fixes #2157.
|
* Version bump to 5.5.1 (tag: 5.5.1) [Andreas Steffen, 2016-10-20, files: 4, lines: -3/+13]
|
* nm: Enable IKE fragmentation [Tobias Brunner, 2016-10-20, files: 1, lines: -1/+1]
|
* Version bump to 5.5.1rc2 (tag: 5.5.1rc2) [Andreas Steffen, 2016-10-18, files: 2, lines: -3/+3]
|
* testing: Renewed expired certificates [Andreas Steffen, 2016-10-18, files: 13, lines: -140/+221]
|
* added XOF dependencies of bliss and ntru plugins [Andreas Steffen, 2016-10-18, files: 2, lines: -4/+26]
|
* testing: enable MACsec in guest kernel [Andreas Steffen, 2016-10-18, files: 1, lines: -1/+1]
|
* configure: Reorder mgf1 in list of crypto plugins [Tobias Brunner, 2016-10-18, files: 1, lines: -1/+1]
|
* newhope: Fix Doxygen group name [Tobias Brunner, 2016-10-14, files: 1, lines: -1/+1]
|
* libnttfft: Fix Doxygen group [Tobias Brunner, 2016-10-14, files: 1, lines: -1/+3]
|
* Fixed some typos, courtesy of codespell [Tobias Brunner, 2016-10-14, files: 2, lines: -3/+3]
|
* newhope: Properly release allocated arrays if RNG can't be created [Tobias Brunner, 2016-10-14, files: 1, lines: -8/+8]
|
* nm: Add D-Bus policy to the distribution [Tobias Brunner, 2016-10-14, files: 1, lines: -0/+2]
|
* nm: Version bump to 1.4.1 [Tobias Brunner, 2016-10-14, files: 2, lines: -1/+6]
|
* kernel-netlink: Fix get_route() interface determination [Christophe Gouault, 2016-10-12, files: 1, lines: -2/+2]
|
|     A wrong variable is used (route instead of best), so much that the returned interface belongs to the last seen route instead of the best choice route. get_route() may therefore return mismatching interface and gateway.
|
|     Fixes: 66e9165bc686 ("kernel-netlink: Return outbound interface in get_nexthop()")
|     Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>