aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
| * Added Ed25519 ref10 implementation from libsodiumAndreas Steffen2016-12-1413-16/+5789
| |
| * Added support of EdDSA signaturesAndreas Steffen2016-12-1431-55/+900
| |
* | vici: Check for closed connection in Python bindingsWeilu Jia2016-12-141-1/+4
|/ | | | | | | The Python VICI library does not check if the socket is closed. If the daemon closes the connection, _recvall() spins forever. Closes strongswan/strongswan#56.
* kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)Tobias Brunner2016-12-121-0/+1
| | | | The kernel apparently supports this since 3.10.
* android: New release after re-adding support for ECC Brainpool curvesTobias Brunner2016-12-101-2/+2
|
* openssl: BoringSSL doesn't provide curve data for ECC Brainpool curvesTobias Brunner2016-12-101-1/+4
|
* android: New release after fixing libtpmtss issueTobias Brunner2016-12-091-2/+2
|
* android: Make sure libtpmtss is loaded on older systemsTobias Brunner2016-12-093-1/+3
| | | | | On newer Android systems this seems to happen automatically (or does at least not cause crashes if the library is not loaded).
* android: New release after adding notificationTobias Brunner2016-12-081-2/+2
|
* android: Ensure that the certificates are loaded when accessing them via JNITobias Brunner2016-12-081-1/+1
|
* android: Add a public notificationTobias Brunner2016-12-081-6/+10
|
* android: Display a permanent notification while connectedTobias Brunner2016-12-089-27/+120
| | | | | This forces the service to run in the foreground, meaning the system won't kill it when low on memory.
* android: Log any installed DNS serversTobias Brunner2016-12-081-1/+1
|
* android: Unregister listener in case of error alertsTobias Brunner2016-12-081-3/+9
| | | | | | | | This avoids triggering additional errors via e.g. ike_updown() that might cause the error message displayed in the GUI to change if the status fragment is recreated. References #2134.
* android: Report an error for invalid integer valuesTobias Brunner2016-12-081-4/+27
| | | | | Previously we'd just ignore the invalid values without notifying the user.
* android: Propose curve25519 in the ESP proposalsTobias Brunner2016-12-081-3/+3
|
* android: Enable curve25519 plugin in the appTobias Brunner2016-12-081-1/+1
|
* android: Optionally build the curve25519 pluginTobias Brunner2016-12-081-0/+2
|
* android: Propose ChaCha20/Poly1305 in the ESP AEAD proposalsTobias Brunner2016-12-081-2/+3
|
* android: Enable chapoly plugin in the appTobias Brunner2016-12-081-1/+1
|
* android: Optionally build the chapoly pluginTobias Brunner2016-12-081-0/+2
|
* android: Update Gradle plugin and wrapperTobias Brunner2016-12-082-3/+3
|
* ikev1: Minor code optimization in task managerThomas Egerer2016-12-071-11/+5
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* plugin-loader: Strip '!' from critical plugin names when setting pathsTobias Brunner2016-11-181-1/+1
|
* child-sa: Use single return statement in update_usebytes()Thomas Egerer2016-11-181-4/+8
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* proposal: Remove RFC 5114 MODP DH groups from default proposalMartin Willi2016-11-151-2/+4
| | | | | | | | | | | | | | Recent research demonstrates that at least for 1024-bit DH groups, it is possible to create specially crafted primes having a backdoor. From the prime itself this is not detectable, creating a perfect NOBUS attack. http://eprint.iacr.org/2016/961 For the primes defined in RFC 5114 no information is provided on how these have been selected. In the default proposal we included one of the 2048-bit primes only, where it is questionable if constructing a backdoored prime is feasible. Nevertheless, this patch removes the group from the set of default proposals as well.
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-141-1/+1
|
* proposal: Add curve25519 and curve448 to default proposalTobias Brunner2016-11-141-0/+2
|
* curve22519: Add a portable backend implemented in plain CMartin Willi2016-11-144-0/+647
|
* curve25519: Add a plugin providing Curve25519 DH using backend driversMartin Willi2016-11-148-0/+469
|
* test-vectors: Add a Curve25519 DH test vectorMartin Willi2016-11-143-0/+36
|
* proposal: Add a curve25519 proposal keywordMartin Willi2016-11-141-0/+1
|
* diffie-hellman: Add DH group identifiers for Curve25519 and Curve448Martin Willi2016-11-142-3/+14
|
* bus: Re-add ampersand that got lost in refactoringTobias Brunner2016-11-141-1/+1
| | | | | Fixes: 4af02c6c61cf ("bus: Fix maximum log level for different groups after removal of a logger")
* peer-cfg: Fix memory leak when replacing child configsTobias Brunner2016-11-111-0/+1
| | | | | Fixes: 622c2b2c3386 ("peer-cfg: Add method to atomically replace child configs")
* bus: Fix maximum log level for different groups after removal of a loggerTobias Brunner2016-11-111-5/+5
| | | | | | | The log level was incorrectly set to the same value for all groups. Fixes: dac15e03c828 ("bus: Fix maximum log levels when mixing log/vlog implementing loggers")
* farp: Fix BPF jump false offsetVolker RĂ¼melin2016-10-311-1/+1
| | | | Jump to BPF_STMT(BPF_RET+BPF_K, 0) if protocol_size != 4
* Fixed in-place update of cached base and delta CRLsAndreas Steffen2016-10-301-4/+4
|
* Newer CRLs replace older versions of the CRL in the cacheAndreas Steffen2016-10-261-0/+39
|
* connmark: Add CAP_NET_RAW to capabilities keep listTim Kent2016-10-251-0/+6
| | | | | | | | | Fix for "Permission denied (you must be root)" error when calling iptc_init(), which opens a RAW socket to communicate with the kernel, when built with "--with-capabilities=libcap". Closes strongswan/strongswan#53. Fixes #2157.
* nm: Enable IKE fragmentationTobias Brunner2016-10-201-1/+1
|
* added XOF dependencies of bliss and ntru pluginsAndreas Steffen2016-10-182-4/+26
|
* newhope: Fix Doxygen group nameTobias Brunner2016-10-141-1/+1
|
* libnttfft: Fix Doxygen groupTobias Brunner2016-10-141-1/+3
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-10-142-3/+3
|
* newhope: Properly release allocated arrays if RNG can't be createdTobias Brunner2016-10-141-8/+8
|
* nm: Add D-Bus policy to the distributionTobias Brunner2016-10-141-0/+2
|
* nm: Version bump to 1.4.1Tobias Brunner2016-10-142-1/+6
|
* kernel-netlink: Fix get_route() interface determinationChristophe Gouault2016-10-121-2/+2
| | | | | | | | | | | | A wrong variable is used (route instead of best), so much that the returned interface belongs to the last seen route instead of the best choice route. get_route() may therefore return mismatching interface and gateway. Fixes: 66e9165bc686 ("kernel-netlink: Return outbound interface in get_nexthop()") Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* Save both base and delta CRLs to diskAndreas Steffen2016-10-112-2/+9
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 06:34:00 +0000