aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* nm: Don't do <deny send_interface="..." /> in dbus service fileLubomir Rintel2016-09-051-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. This blocks messages completely unrelated to strongSwan's VPN plugin, such as NetworkManager communication with the VPN plugins. From the dbus-daemon manual: Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway. Closes strongswan/strongswan#42.
* nm: Move the D-Bus policy to charon-nmLubomir Rintel2016-09-053-5/+5
| | | | It's needed for useful use of charon-nm, unlike the GUI.
* nm: Add AppStream metadataLubomir Rintel2016-09-055-1/+51
| | | | | | | This will ensure the strongSwan NetworkManager plugin will be easily installable from the app stores such as GNOME Software. Closes strongswan/strongswan#41.
* pt-tls-client: Added support of ECDSA keysAndreas Steffen2016-08-311-7/+23
|
* libimcv: No need to load AIK pubkey if AIK certificate is availableAndreas Steffen2016-08-311-13/+16
|
* swanctl: Document how DH groups in CHILD_SA proposals are appliedTobias Brunner2016-08-311-6/+13
| | | | References #1039.
* padlock: Use builtin bswap32() to fix compilation on FreeBSDTobias Brunner2016-08-311-6/+5
| | | | Fixes #591.
* proposal: Use proper list to get function pointer when adding custom parserThomas Egerer2016-08-291-1/+1
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* android: Add missing xof.c fileTobias Brunner2016-08-291-0/+1
| | | | Fixes #2093.
* xof: Add header to dev headersTobias Brunner2016-08-291-1/+2
|
* ikev1: Don't require AH mapping for integrity algorithm when generating proposalThomas Egerer2016-08-251-6/+9
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* libtpmtss: TCTI finalization call changedAndreas Steffen2016-08-251-1/+2
|
* pki: Allow to load CRLs from files in --verifyTobias Brunner2016-08-252-3/+21
|
* ikev1: Ignore the last two bytes of the Cisco Unity vendor IDTobias Brunner2016-08-241-0/+3
| | | | | | | | | These seem to indicate the major and minor version of the protocol, like e.g. for the DPD vendor ID. Some implementations seem to send versions other than 1.0 so we just ignore these for now when checking for known vendor IDs. Fixes #2088.
* utils: Fix definition of BYTE_ORDER with MinGWTobias Brunner2016-08-241-1/+5
|
* ikev1: Accept more than one certificate payload in aggressive modeTobias Brunner2016-08-171-2/+2
| | | | Fixes #2085.
* unit-tests: Removed unused variableAndreas Steffen2016-08-111-2/+0
|
* unit-tests: Created newhope unit-testsAndreas Steffen2016-08-109-7/+1338
|
* Created newhope plugin implementing the New Hope key exchange algorithmAndreas Steffen2016-08-1014-1/+1348
|
* xof: Added ChaCha20 stream as XOFAndreas Steffen2016-08-069-3/+311
|
* utils: Defined uletoh16() and htole16()Andreas Steffen2016-08-061-0/+42
|
* integrity-test: Added ntru_param_sets to read-only segmentAndreas Steffen2016-07-297-36/+96
|
* integrity-test: Added bliss_param_sets to read-only segmentAndreas Steffen2016-07-2914-63/+68
|
* integrity-test: check code and ro segments of libnttfftAndreas Steffen2016-07-298-32/+51
|
* Created libnttfftAndreas Steffen2016-07-2919-121/+258
| | | | | This makes Number Theoretic Transforms (NTT) based on the efficient Fast-Fourier-Transform (FFT) available to multiple plugins.
* Share twiddle factors table between 512 and 1024 point FFTAndreas Steffen2016-07-293-134/+14
|
* Implemented FFT with n = 1024 and q = 11289 using Montgomery arithmeticAndreas Steffen2016-07-293-8/+495
|
* bliss: Implemented FFT with fast Montgomery arithmeticAndreas Steffen2016-07-298-102/+294
|
* xof: Implemented SHAKE128 and SHAKE256 Extended Output FunctionsAndreas Steffen2016-07-2911-415/+1293
|
* xof: Defined Extended Output FunctionsAndreas Steffen2016-07-2914-5/+539
|
* vici: Increased various string buffers to BUF_LEN (512 bytes)Andreas Steffen2016-07-292-5/+5
|
* integrity-test: Added charon-systemdAndreas Steffen2016-07-291-0/+4
|
* Added SHA-3 signature OIDsAndreas Steffen2016-07-261-1/+10
|
* libcharon: Add exchange_tests to .gitignoreTobias Brunner2016-07-251-0/+1
|
* unit-tests: Decreased loop count of FFT speed test to 10'000Andreas Steffen2016-07-221-1/+1
|
* unit-tests: Added bliss_fft_speed testAndreas Steffen2016-07-221-1/+42
|
* libtpmtss: Use pkconfig to configure TSS 2.0 includes and librariesAndreas Steffen2016-07-203-4/+7
|
* ike1: Flush active queue when queueing a delete of the IKE_SATobias Brunner2016-07-191-0/+3
| | | | | | | | | | | By aborting the active task we don't have to wait for potential retransmits if the other peer does not respond to the current task. Since IKEv1 has no sequential message IDs and INFORMATIONALs are no real exchanges this should not be a problem. Fixes #1537 References #429, #1410 Closes strongswan/strongswan#48
* Fixed some typos, courtesy of codespellTobias Brunner2016-07-045-5/+5
|
* imcv: Added EFI HCRTM eventAndreas Steffen2016-06-301-2/+7
|
* aikgen: Fix computation of key ID of the AIK public keyTobias Brunner2016-06-301-7/+8
| | | | We don't have direct access to the modulus and exponent of the key anymore.
* libtpmtss: Define missing Doxygen group and fix some commentsTobias Brunner2016-06-305-7/+9
|
* libimcv: Fix Doxygen commentTobias Brunner2016-06-301-1/+1
|
* ikev1: Add support for extended sequence numbersThomas Egerer2016-06-291-3/+17
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* plugin-loader: Allow selective modification of the default plugin listTobias Brunner2016-06-291-10/+24
| | | | | | | This change allows selectively modifying the default plugin list by setting the `load` setting of individual plugins (e.g. to disable them or to change their priority) without enabling charon.load_modular and having to configure a section and a load statement for every plugin.
* leak-detective: Try to properly free allocations after deinitializationTobias Brunner2016-06-291-0/+13
| | | | | | | | If a function we whitelist allocates memory while leak detective is enabled but only frees it after LD has already been disabled, free() will get called with invalid pointers (not pointing to the actually allocated memory by LD), which will cause checks in the C library to fail and the program to crash. This tries to detect such cases and calling free with the correct pointer.
* openssl: Whitelist OPENSSL_init_crypto() and others in leak detectiveTobias Brunner2016-06-291-0/+4
| | | | | | | | | Lots of static data is allocated in this function, which isn't freed until the library is unloaded (we can't call OPENSSL_cleanup() as initialization would fail when calling it again later). When enabling the leak detective the test runner eventually crashes as all the data allocated during initialization has an invalid size when freed after leak detective has been unloaded.
* openssl: Update GCM/crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-13/+13
|
* openssl: Update HMAC API to OpenSSL 1.1.0Tobias Brunner2016-06-291-9/+25
|
* openssl: Don't use deprecated RAND_pseudo_bytes()Tobias Brunner2016-06-291-7/+0
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 23:10:11 +0000