path: root/src/libstrongswan
Commit message | Author | Age | Files | Lines
...
* unit-tests: Added bliss_fft test suite | Andreas Steffen | 2014-11-29 | 5 | -0/+193
|
* Moved mgf1 class to libstrongswan/crypto/mgf1 | Andreas Steffen | 2014-11-29 | 7 | -62/+51
|
* Defined BLISS I and IV parameter sets | Andreas Steffen | 2014-11-29 | 4 | -19/+365
|
* Added BLISS OIDs in ITA-HSR OID tree | Andreas Steffen | 2014-11-29 | 1 | -0/+10
|
* Implemented Number Theoretic Transform using the FFT algorithm | Andreas Steffen | 2014-11-29 | 8 | -3/+869
|   By pre-multiplying the input arrays with a linear phase the fast multiplication via FFT and inverse FFT computes a negative wrapped convolution corresponding to a modulus of x^n+1.
* Created framework for BLISS post-quantum signature algorithm | Andreas Steffen | 2014-11-29 | 10 | -5/+648
|
* watcher: Proper handle poll() POLLHUP/NVAL signaling | Martin Willi | 2014-11-28 | 1 | -13/+36
|   poll() may return POLLHUP or POLLNVAL for given file descriptors. To handle these properly, we signal them to the EXCEPT watcher state, if registered. If not, we call the read/write callbacks, so they can properly fail when trying to read from or write to the file descriptor.
* windows: Properly set errno for read/write functions using Winsock | Martin Willi | 2014-11-28 | 1 | -4/+4
|
* windows: Move the compatibility header to the compat subfolder | Martin Willi | 2014-11-21 | 4 | -6/+6
|
* apple: Wrap accept() and recvfrom() with poll(2) instead of select | Martin Willi | 2014-11-21 | 1 | -5/+11
|
* apple: Introduce a central compatibility header with all __APPLE__ quirks | Martin Willi | 2014-11-21 | 6 | -87/+113
|
* watcher: Use Windows read/write(2) wrappers instead of compile-conditions | Martin Willi | 2014-11-21 | 1 | -8/+0
|
* windows: Provide a write(2) wrapper that uses send(2) on sockets | Martin Willi | 2014-11-21 | 2 | -0/+22
|
* windows: Provide a read(2) wrapper that uses recv(2) on sockets | Martin Willi | 2014-11-21 | 2 | -0/+25
|
* unit-tests: Test cancellability of some cancellation points we rely on | Martin Willi | 2014-11-21 | 1 | -0/+192
|
* thread: Test for pending cancellation requests before poll()ing on OS X | Martin Willi | 2014-11-21 | 1 | -0/+20
|   As we are now using poll(2) instead of select(2), we need the work-around from 76dc329e for poll() as well.
* watcher: Use poll(2) instead of select | Martin Willi | 2014-11-21 | 1 | -24/+38
|
* tun-device: Read from tun to buffer on stack to avoid over-allocation of packets | Martin Willi | 2014-11-21 | 1 | -8/+6
|   Instead of allocating MTU-sized buffers for each packet, read to a stack buffer and copy to an allocation of the actual packet size. While it requires an additional copy on non-Apple platforms, this should make allocation more efficient for small packets.
* tun-device: Remove the superfluous use of select() before read() | Martin Willi | 2014-11-21 | 2 | -19/+6
|
* windows: Provide a poll(2) wrapper calling WSAPoll() | Martin Willi | 2014-11-21 | 3 | -0/+40
|
* host: Ignore spaces around - when parsing ranges | Tobias Brunner | 2014-10-30 | 3 | -9/+23
|
* host: Add function to create two hosts from a range definition | Tobias Brunner | 2014-10-30 | 3 | -0/+124
|
* constraints: Add permitted/excludedNameConstraints check | Martin Willi | 2014-10-30 | 3 | -0/+400
|
* constraints: Use a more specific FQDN/email name constraint matching | Martin Willi | 2014-10-30 | 1 | -22/+73
|   While RFC 5280 is not very specific about the matching rules of subjectAltNames, it has some examples how to match email and FQDN constraints. We try to follow these examples, and restrict DNS names to subdomain matching and email to full email, host or domain matching.
* constraints: Add requireExplicitPolicy tests | Martin Willi | 2014-10-30 | 1 | -0/+44
|
* constraints: Add inhibitAnyPolicy tests | Martin Willi | 2014-10-30 | 1 | -0/+44
|
* constraints: Add inhibitPolicyMapping tests | Martin Willi | 2014-10-30 | 1 | -4/+83
|
* constraints: Don't reject certificates with invalid certificate policies | Martin Willi | 2014-10-30 | 1 | -25/+97
|   Instead of rejecting the certificate completely if a certificate has a policy OID that is actually not allowed by the issuer CA, we accept it. However, the certificate policy itself is still considered invalid, and is not returned in the auth config resulting from trust chain operations. A user must make sure to rely on the returned auth config certificate policies instead of the policies contained in the certificate; even if the certificate is valid, the policy OID itself in the certificate is not to be trusted anymore.
* constraints: Add certificate policy and policy mapping unit tests | Martin Willi | 2014-10-30 | 3 | -0/+472
|
* identification: Support custom types in string constructor prefixes | Martin Willi | 2014-10-30 | 3 | -0/+48
|
* identification: Support prefixes in string constructors for an explicit type | Martin Willi | 2014-10-30 | 3 | -0/+58
|
* unit-tests: Re-align identification_create_from_string() unit test table data | Martin Willi | 2014-10-30 | 1 | -52/+52
|
* threading: Support rwlock try_write_lock() on Windows | Martin Willi | 2014-10-30 | 1 | -2/+0
|   We explicitly avoided TryAcquireSRWLockExclusive() because of crashes. This issue was caused by a MinGW-w64 bug (mingw-w64 fix 46f77afc). Using a newer toolchain works fine. While try_write_lock() obviously can fail, not supporting it is not really an option, as some algorithms depend on occasionally successful calls. Certificate caching in the certificate manager and the cred_set cache rely on successful try_write_lock()ing.
* threading: Add a more explicit rwlock try_write_lock() testing | Martin Willi | 2014-10-30 | 1 | -0/+44
|
* cert-cache: Prevent that a cached issuer is freed too early | Tobias Brunner | 2014-10-24 | 1 | -7/+10
|   Previously we got no reference to the cached issuer certificate before releasing the lock of the cache line; this allowed other threads, or even the same thread if it replaces a cache line, to destroy that issuer certificate in cache() (or flush()) before get_ref() for the issuer certificate is finally called.
* unit-tests: Fix internet checksum tests on big-endian systems | Tobias Brunner | 2014-10-23 | 1 | -4/+9
|   We actually need to do a byte-swap, which ntohs() only does on little-endian systems. Fixes #747.
* chunk: Fix internet checksum calculation on big-endian systems | Tobias Brunner | 2014-10-23 | 1 | -1/+1
|   ntohs() might be defined as noop (#define ntohs(x) (x)) so we have to manually shorten the negated value (gets promoted to an int). Fixes #747.
* backtrace: Fix symbol lookup in dynamic symtab via libbfd | Tobias Brunner | 2014-10-14 | 1 | -0/+1
|
* thread: Test for pending cancellation requests before select()ing on OS X | Martin Willi | 2014-10-14 | 1 | -0/+28
|   This fixes some vici test cases on OS X, where the test thread tries to cancel the watcher thread during cleanup, but fails as select() does not honor the pre-issued cancellation request.
* process: Don't use the shells built-in echo in tests | Martin Willi | 2014-10-14 | 1 | -1/+1
|   On OS X, the /bin/sh built-in echo does not support -n.
* process: Don't use absolute path names for true/false/cat in unit tests | Martin Willi | 2014-10-14 | 1 | -4/+10
|   But use the (builtin) shell commands instead, as on OS X true/false are under /usr/bin.
* process: Include missing <signal.h> for raise(3) | Martin Willi | 2014-10-14 | 1 | -0/+1
|   Fixes OS X build.
* watcher: Doxygen comment fixed | Tobias Brunner | 2014-10-13 | 1 | -1/+1
|
* packet: Define a global default maximum size for IKE packets | Tobias Brunner | 2014-10-10 | 1 | -0/+5
|
* process: Add a wrapper to invoke a command under the system default shell | Martin Willi | 2014-10-06 | 3 | -0/+110
|
* process: Port child process spawning to the Windows platform | Martin Willi | 2014-10-06 | 2 | -1/+315
|
* process: Provide an abstraction to spawn child processes with redirected I/O | Martin Willi | 2014-10-06 | 7 | -3/+490
|
* library: Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var | Shea Levy | 2014-10-02 | 1 | -1/+1
* curl: For SSL features, depend on thread-safety provided by our crypto plugins | Martin Willi | 2014-09-24 | 3 | -7/+57
|   To use SSL in curl, we need to initialize the SSL library in a thread-safe manner and provide the appropriate callbacks. As we already do that in our crypto plugins using these libraries, we depend on these features. This implies that we need the same plugin enabled (openssl, gcrypt) as the curl backend is configured to use to fetch from HTTPS URIs.
* curl: Dynamically query supported protocols and register appropriate features | Martin Willi | 2014-09-24 | 1 | -10/+64
|