aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* utils: Provide a fmemopen(3) fallback using BSD funopen()Martin Willi2013-10-242-0/+61
|
* Added some example Debian SWID tagsAndreas Steffen2013-10-238-1/+211
|
* pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOBTobias Brunner2013-10-2311-74/+54
| | | | This allows more than one builder to try parsing the data read from STDIN.
* chunk: Add helper function to create a chunk from data read from a file ↵Tobias Brunner2013-10-232-0/+40
| | | | descriptor
* semaphore: Support cancellation in wait functions of semaphore fallbackMartin Willi2013-10-231-4/+6
| | | | | Semaphore wait functions should be a thread cancellation point, but did not properly release the mutex in the fallback implementation.
* rwlock: Re-acquire rwlock even if condvar wait times outMartin Willi2013-10-231-1/+1
| | | | | A caller expects that the associated rwlock is held, whether the condvar gets signaled or the wait times out.
* Updated and split data.sqlAndreas Steffen2013-10-231-37/+97
|
* Support Ubuntu 13.10 measurementsAndreas Steffen2013-10-212-1/+46
|
* check it specified IF-TNCCS protocol is enabledAndreas Steffen2013-10-211-0/+6
|
* kernel-netlink: Check existence of linux/fib_rules.h, don't include it in ↵Tobias Brunner2013-10-183-76/+11
| | | | | | distribution This reverts commit b0761f1f0a5abd225edc291c8285f99a538e6a66.
* updown: Properly configure ICMP[v6] message type and code in firewall rulesTobias Brunner2013-10-171-4/+29
|
* updown: Pass ICMP[v6] message type and code to updown scriptTobias Brunner2013-10-172-4/+27
| | | | The type is passed in $PLUTO_MY_PORT and the code in $PLUTO_PEER_PORT.
* kernel-pfkey: Install ICMP[v6] type/code as expected by the Linux kernelTobias Brunner2013-10-171-19/+52
|
* kernel-netlink: Convert ports in acquires to ICMP[v6] type and codeTobias Brunner2013-10-171-3/+8
|
* kernel-netlink: Properly install policies with ICMP[v6] types and codesTobias Brunner2013-10-171-1/+12
|
* traffic-selector: Print ICMP[v6] message type and code in a more readable wayTobias Brunner2013-10-171-4/+35
|
* traffic-selector: Store ICMP[v6] message type and code properlyTobias Brunner2013-10-172-8/+70
| | | | We now store them as defined in RFC 4301, section 4.4.1.1.
* traffic-selector: Move class to its own Doxygen groupTobias Brunner2013-10-172-1/+4
|
* proposal: Add ECC Brainpool DH groups to the default proposalTobias Brunner2013-10-171-0/+4
|
* openssl: Add workaround if ECC Brainpool curves are not definedTobias Brunner2013-10-171-11/+247
|
* openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSLTobias Brunner2013-10-172-6/+51
| | | | OpenSSL does not include them in releases before 1.0.2.
* ecc: Added ECC Brainpool ECDH groups as registered with IANAAndreas Steffen2013-10-173-3/+20
|
* unit-tests: Make test for bio_writer_t more portableTobias Brunner2013-10-171-2/+8
|
* libipsec: Don't print ciphertext with ICV in log messageTobias Brunner2013-10-171-1/+2
|
* libipsec: Properly calculate padding length especially for AES-GCMTobias Brunner2013-10-171-1/+3
|
* utils: Add utility function to calculate padding lengthTobias Brunner2013-10-172-13/+24
|
* stroke: Reuse reqids of established CHILD_SAs when routing connectionsTobias Brunner2013-10-171-1/+45
|
* trap-manager: Make sure a config is not trapped twiceTobias Brunner2013-10-171-4/+16
|
* Doxygen fixesTobias Brunner2013-10-157-11/+8
|
* Set recommendation in the case of PCR measurement failuresAndreas Steffen2013-10-133-6/+27
|
* Add linux/fip_rules.h to include filesAndreas Steffen2013-10-132-3/+75
|
* Revert refactoring which broke CentOS buildAndreas Steffen2013-10-131-1/+1
|
* checksum: The pool utility was moved to its own directoryTobias Brunner2013-10-111-1/+1
|
* ccm: Add missing comma in get_iv_gen method signatureTobias Brunner2013-10-111-1/+1
|
* iv-gen: Add missing header files to Makefile.amTobias Brunner2013-10-111-0/+1
|
* iv_gen: Mask sequential IVs with a random saltTobias Brunner2013-10-111-0/+24
| | | | | This makes it harder to attack a HA setup, even if the sequence numbers were not fully in sync.
* iv_gen: Provide external sequence number (IKE, ESP)Tobias Brunner2013-10-117-23/+18
| | | | This prevents duplicate sequential IVs in case of a HA failover.
* ipsec: Use IV generator to encrypt ESP messagesTobias Brunner2013-10-112-9/+7
|
* ikev2: Use IV generator to encrypt encrypted payloadTobias Brunner2013-10-111-1/+9
|
* iv_gen: aead_t implementations provide an IV generatorTobias Brunner2013-10-116-1/+84
|
* iv_gen: Add IV generator that allocates IVs sequentiallyTobias Brunner2013-10-114-2/+121
|
* iv_gen: Add IV generator that allocates IVs randomlyTobias Brunner2013-10-114-0/+113
| | | | Uses RNG_WEAK as the code currently does elsewhere to allocate IVs.
* crypto: Add generic interface for IV generatorsTobias Brunner2013-10-112-1/+60
|
* apidoc: Move mac_prf to prf Doxygen groupTobias Brunner2013-10-111-1/+1
|
* eap-radius: Forward RAT_FRAMED_IP_NETMASK as INTERNAL_IP4_NETMASKTobias Brunner2013-10-111-0/+5
|
* eap-radius: Forward UNITY_SPLIT_INCLUDE or UNITY_LOCAL_LAN attributesTobias Brunner2013-10-111-0/+93
| | | | | | | | | | | | | | | Depending on the value of the CVPN3000-IPSec-Split-Tunneling-Policy(55) radius attribute, the subnets in the CVPN3000-IPSec-Split-Tunnel-List(27) attribute are sent in either a UNITY_SPLIT_INCLUDE (if the value is 1) or a UNITY_LOCAL_LAN (if the value is 2). So if the following attributes would be configured for a RADIUS user CVPN3000-IPSec-Split-Tunnel-List := "10.0.1.0/255.255.255.0,10.0.2.0/255.255.255.0" CVPN3000-IPSec-Split-Tunneling-Policy := 1 A UNITY_SPLIT_INCLUDE configuration payload containing these two subnets would be sent to the client during the ModeCfg exchange.
* eap-radius: Forward UNITY_DEF_DOMAIN and UNITY_SPLITDNS_NAME attributesTobias Brunner2013-10-111-3/+25
| | | | | | The contents of the CVPN3000-IPSec-Default-Domain(28) and CVPN3000-IPSec-Split-DNS-Names(29) radius attributes are forwarded in the corresponding Unity configuration attributes.
* dnscert: Add DNS CERT support for pubkey authenticationRuslan N. Marchenko2013-10-118-0/+828
| | | | | | | | | | | Add DNSSEC protected CERT RR delivered certificate authentication. The new dnscert plugin is based on the ipseckey plugin and relies on the existing PEM decoder as well as x509 and PGP parsers. As such the plugin expects PEM encoded PKIX(x509) or PGP(GPG) certificate payloads. The plugin is targeted to improve interoperability with Racoon, which supports this type of authentication, ignoring in-stream certificates and using only DNS provided certificates for FQDN IDs.
* ipseckey: Properly handle failure to create a certificateTobias Brunner2013-10-111-33/+28
| | | | Also, try the next key (if available) if parsing an IPSECKEY failed.
* ipseckey: Refactor creation of certificate enumeratorTobias Brunner2013-10-111-86/+81
| | | | Reduces nesting and fixes a memory leak (rrsig_enum).
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 09:28:53 +0000