path: root/src
Commit message    Author    Age    Files    Lines
...
* | Make number of concurrently handled stroke messages configurable.    Tobias Brunner    2011-12-29    1    -2/+9
| |
* | Limit the number of concurrently handled stroke messages.    Tobias Brunner    2011-12-29    1    -18/+104
| |     This avoids clogging the thread pool with potentially blocking jobs.
* | register aik certificate via ipsec attest    Andreas Steffen    2011-12-25    4    -10/+54
| |
* | Be less verbose about TLS extensions    Martin Willi    2011-12-24    1    -1/+1
| |
* | In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function    Martin Willi    2011-12-24    1    -20/+20
| |
* | Added a getter for the tls_socket file descriptor    Martin Willi    2011-12-24    2    -0/+14
| |
* | Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.    Tobias Brunner    2011-12-23    6    -14/+16
| |
* | Avoid integer overflow when parsing ASN.1 dates.    Tobias Brunner    2011-12-23    1    -2/+2
| |     This only works properly if sizeof(time_t) > 4.
* | pki: Avoid integer overflow when calculating certificate lifetimes.    Tobias Brunner    2011-12-23    3    -3/+3
| |     This only works properly if sizeof(time_t) > 4.
* | Properly ASN.1 encode dates in certificates depending on the year.    Tobias Brunner    2011-12-23    6    -16/+21
| |
* | pluto: Fixed expiration date test.    Tobias Brunner    2011-12-23    1    -2/+1
| |
* | Fix deadlock in trap_manager_t during acquire.    Tobias Brunner    2011-12-23    1    -28/+43
| |     Also fixes a TOCTOU issue regarding the use of entry_t.pending.
| |
| |     The deadlock was caused because the rwlock was being locked while
| |     waiting for an IKE_SA. Triggering the deadlock was a bit tricky, here
| |     is the description by Thomas Egerer (the reporter of this issue):
| |
| |     "
| |     The deadlock occurs when the following happens (in the given order):
| |     a) an IKE_SA is built and a thread is processing the IKE_AUTH request,
| |        which can take a bit longer when a smartcard is involved. This
| |        causes the ike_sa_manager to lock a particular IKE_SA exclusively.
| |     b) an acquire is triggered which causes the rwlock in the trap_manager
| |        to be read-locked, the subsequent call to
| |        ike_sa_manager->checkout_by_config has to wait until a) unlocks
| |        its ike_sa.
| |     c) a child_cfg contained in the peer_cfg belonging to the ike_sa a)
| |        has locked is routed causes the child_configs contained in the
| |        peer config to be locked by c) while the actual routing code
| |        within trap_manager tries to writelock its rwlock.
| |
| |     That's about it. As soon as a) finishes authentication of the peer
| |     and tries to find a matching child sa it will try to lock the child
| |     configs of the peer config which is not possible since it has been
| |     locked by c).
| |
| |     Thread | Resource locked                | Resource desired
| |     -------+--------------------------------+--------------------------------
| |      (a)   | ike_sa in ike_sa_manager       | child_cfgs of peer_cfg
| |            |                                |
| |      (b)   | rwlock in trap-manager (read)  | ike_sa in ike_sa_manager
| |            |                                |
| |      (c)   | child_cfgs of peer_cfg         | rwlock in trap-manager (write)
| |     "
| |
| |     With this patch thread (b) now does not hold the lock while waiting
| |     for the IKE_SA. Thus (c) can get the write lock, and (a) can
| |     subsequently lock the mutex in the peer_cfg which then finally allows
| |     (b) to checkout the IKE_SA.
* | Added atomic compare and swap operations.    Tobias Brunner    2011-12-23    2    -0/+48
| |     Using a GCC atomic builtin if available or a global mutex otherwise.
* | Fixed flush() method of trap_manager_t.    Tobias Brunner    2011-12-23    1    -3/+9
| |     A segmentation fault could have happened during destruction of the
| |     trap manager after calling flush().
* | additional state waiting for the EvidenceFinal attribute response    Andreas Steffen    2011-12-20    2    -0/+8
| |
* | moved send_message() in front of recommendation evaluation    Andreas Steffen    2011-12-18    4    -20/+21
| |
* | added case IMV_ATTESTATION_STATE_END    Andreas Steffen    2011-12-18    2    -5/+3
| |
* | TrouSerS expects a bitmask field length of at least 3 bytes    Sansar Choinyambuu    2011-12-18    1    -1/+5
| |
* | build PA-TNC message only if there are PA-TNC attributes to send    Andreas Steffen    2011-12-18    3    -20/+43
| |
* | destroy attributes, too    Andreas Steffen    2011-12-18    1    -1/+1
| |
* | added reference counts to all PA-TNC attribute classes    Andreas Steffen    2011-12-18    19    -56/+405
| |
* | reworded comments and debug output    Andreas Steffen    2011-12-18    1    -13/+20
| |
* | Prepend Debian string to Debian version    Andreas Steffen    2011-12-18    1    -7/+19
| |
* | removed unused variable    Andreas Steffen    2011-12-16    1    -1/+0
| |
* | moved management of additional IMC/IMV IDs to agent    Andreas Steffen    2011-12-16    7    -83/+146
| |
* | Also log PGP parsing in ASN log group.    Tobias Brunner    2011-12-16    2    -19/+19
| |
* | Log messages for PKCS1 and PEM parsing in ASN log group.    Tobias Brunner    2011-12-16    2    -11/+11
| |
* | Log most X.509 related messages in new ASN log group.    Tobias Brunner    2011-12-16    5    -57/+57
| |
* | Log ASN.1 parsing in new ASN debug group.    Tobias Brunner    2011-12-16    2    -26/+26
| |
* | Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509).    Tobias Brunner    2011-12-16    4    -2/+7
| |     This will allow us to remove quite some clutter from the LIB debug
| |     group for higher debug levels.
* | Log native thread ID when a thread is created.    Tobias Brunner    2011-12-16    1    -1/+16
| |     If possible gettid() is used, otherwise pthread_self() is logged
| |     (which is not completely portable, but seems to work on most
| |     supported platforms).
* | Log worker thread ID with two digits.    Tobias Brunner    2011-12-16    1    -2/+2
| |
* | fixed caption alignment    Andreas Steffen    2011-12-16    1    -1/+2
| |
* | Revert "fixed caption alignment"    Andreas Steffen    2011-12-16    2    -6/+1
| |     This reverts commit d463def798ed339b143ee9500c2781532394171e.
* | fixed caption alignment    Andreas Steffen    2011-12-16    2    -1/+6
| |
* | Make sure the certificate cache is flushed when plugins are unloaded.    Tobias Brunner    2011-12-15    3    -0/+6
| |     This avoids segmentation faults when plugins implementing cert_t are
| |     already unloaded when the cache is flushed during destruction.
* | Always unlock mutex for installed policies in kernel-netlink plugin.    Thomas Egerer    2011-12-14    1    -1/+5
| |
* | Added missing libsimaka files to Android.mk.    Tobias Brunner    2011-12-14    1    -0/+2
| |
* | Destroy mediation managers before unloading plugins.    Tobias Brunner    2011-12-14    1    -4/+4
| |
* | upgraded Test IMC/IMV pair to fully support multiple IMC IDs    Andreas Steffen    2011-12-11    4    -81/+144
| |
* | added IETF standard error handling method    Andreas Steffen    2011-12-11    8    -185/+112
| |
* | implemented IMC/IMV ReceiveMessageLong functions    Andreas Steffen    2011-12-09    11    -128/+467
| |
* | added IMC/IMV support for send_message_long() and reserve_additional_id() functions    Andreas Steffen    2011-12-09    14    -31/+332
| |
* | store the long and excl flags in the connection state    Andreas Steffen    2011-12-09    10    -1/+245
| |
* | IMC/IMV gets v1.3 attributes from TNCC/TNCS    Andreas Steffen    2011-12-09    2    -12/+162
| |
* | implemented ReportMessageTypesLong    Andreas Steffen    2011-12-08    2    -17/+91
| |
* | implemented IF-IMC/IMV 1.3 attributes    Andreas Steffen    2011-12-08    4    -23/+229
| |
* | added TNC_TNCC_GetAttribute() and TNC_TNCC_SetAttribute() functions    Andreas Steffen    2011-12-08    4    -14/+67
| |
* | added TNC_IMC_ReceiveMessageLong() and TNC_IMV_ReceiveMessageLong() support    Andreas Steffen    2011-12-08    10    -69/+192
| |
* | fixed typo in function name    Andreas Steffen    2011-12-08    1    -1/+1
| |