| | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
| * | Pass a constructor callback to create TNCCS server instances while dispatching | Martin Willi | 2013-01-17 | 4 | -15/+31 |
| * | Create pt_tls_client with separate server address and identity | Martin Willi | 2013-01-16 | 2 | -28/+19 |
| * | Create pt_tls_dispatcher with separate server address and identity | Martin Willi | 2013-01-16 | 2 | -17/+13 |
| * | Add a libpttls providing NEA PT-TLS / TNC IF-T for TLS transport layer | Martin Willi | 2013-01-16 | 10 | -0/+1169 |
| * | Send TLS close notify during tls_socket_t destruction | Martin Willi | 2013-01-15 | 1 | -2/+25 |
| * | Send TLS close notify if application returns SUCCESS | Martin Willi | 2013-01-15 | 1 | -2/+6 |
| * | Block TLS read when sending data, but have to wait for the handshake data first | Martin Willi | 2013-01-15 | 1 | -4/+11 |
| * | TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, too | Martin Willi | 2013-01-15 | 3 | -9/+0 |
| * | Add a bio_reader_t constructor variant freeing passed data during destruction | Martin Willi | 2013-01-15 | 2 | -1/+32 |
| * | Use a more POSIXy tls_socket interface with more flexibility. If an insufficient read buffer is provided, application data gets cached for subsequent read() calls. | Martin Willi | 2013-01-15 | 2 | -81/+165 |
| * | Add a chunk_from_str() initializer that does not include 0-terminator | Martin Willi | 2013-01-15 | 1 | -0/+5 |
| * | Reseed rdrand after every 128bit sample only | Martin Willi | 2013-01-15 | 1 | -2/+2 |
| * | android: Properly escape apostrophes in Ukrainian translation (tag: 5.0.2dr4) | Tobias Brunner | 2013-01-14 | 1 | -8/+8 |
| * | android: Implement kernel_net_t.get_interface via JNI. This is now required to properly accept/install a virtual IP address. Fixes #275. | Tobias Brunner | 2013-01-14 | 4 | -6/+92 |
| * | android: Moved chunk_from_byte_array and byte_array_from_chunk helper functions | Tobias Brunner | 2013-01-14 | 2 | -24/+32 |
| * | android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h on Android | Tobias Brunner | 2013-01-14 | 1 | -0/+1 |
| * | Properly send IKEv1 packets if no ike_cfg is known yet. This applies for error notifies. | Tobias Brunner | 2013-01-14 | 1 | -2/+5 |
| * | Don't handle right=%any6 as "loose" identity, but as %any | Martin Willi | 2013-01-14 | 1 | -2/+1 |
| * | Respect given address family when resolving "%any" | Martin Willi | 2013-01-14 | 1 | -1/+5 |
| * | Android.mk of libstrongswan updated | Tobias Brunner | 2013-01-14 | 1 | -2/+2 |
| * | Merge branch 'ikev1-fragmentation'. This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS | Tobias Brunner | 2013-01-12 | 34 | -59/+859 |
| \| * | Added an option to configure the maximum size of a fragment | Tobias Brunner | 2013-01-12 | 1 | -3/+10 |
| \| * | Properly detect fragmentation capabilities. Cisco sends 0xc0000000 so we check that part of the VID separately. | Tobias Brunner | 2013-01-12 | 1 | -3/+27 |
| \| * | Added an option that allows to force IKEv1 fragmentation | Tobias Brunner | 2013-01-12 | 19 | -29/+67 |
| \| * | Use a connection specific option to en-/disable IKEv1 fragmentation | Tobias Brunner | 2012-12-24 | 23 | -28/+59 |
| \| * | Include source port in init hash for fragmented messages | Tobias Brunner | 2012-12-24 | 1 | -1/+8 |
| \| * | Add an option to en-/disable IKE fragmentation. Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled. | Tobias Brunner | 2012-12-24 | 2 | -5/+20 |
| \| * | Split larger messages into fragments if IKE fragmentation is supported by peer | Tobias Brunner | 2012-12-24 | 1 | -14/+114 |
| \| * | Log message size for in- and outbound IKE messages | Tobias Brunner | 2012-12-24 | 2 | -4/+7 |
| \| * | Add support to create IKE fragments. All fragments currently use the same fragment ID (1) as that's what other implementations are doing. | Tobias Brunner | 2012-12-24 | 2 | -0/+30 |
| \| * | Log added NAT-T vendor IDs | Tobias Brunner | 2012-12-24 | 1 | -0/+1 |
| \| * | Detect a peer's support for IKE fragmentation. Fragments are accepted even if this vendor ID is not seen. | Tobias Brunner | 2012-12-24 | 2 | -0/+9 |
| \| * | Map fragmented initial Main or Aggressive Mode messages to the same IKE_SA | Tobias Brunner | 2012-12-24 | 1 | -1/+17 |
| \| * | Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain fragments. Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges. | Tobias Brunner | 2012-12-24 | 1 | -1/+2 |
| \| * | Don't handle fragmented messages larger than charon.max_packet | Tobias Brunner | 2012-12-24 | 1 | -4/+39 |
| \| * | Don't update an IKE_SA-entry's cached message ID when handling fragments | Tobias Brunner | 2012-12-24 | 1 | -1/+4 |
| \| * | Store inbound IKE fragments and reassemble the message when all fragments are received | Tobias Brunner | 2012-12-24 | 1 | -3/+166 |
| \| * | Add message rules to properly handle IKE fragments. These are sent in unencrypted messages and are the only payload contained in such messages. | Tobias Brunner | 2012-12-24 | 1 | -0/+8 |
| \| * | Reset the encrypted flag when handling IKE messages that contain a fragment. Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though). | Tobias Brunner | 2012-12-24 | 1 | -0/+6 |
| \| * | Payload added to handle IKE fragments | Tobias Brunner | 2012-12-24 | 6 | -11/+314 |
| * \| | Don't use bio_writer_t.skip() to write length field when appending more data. If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation. | Martin Willi | 2013-01-11 | 2 | -6/+9 |
| * \| | Use raw opcodes for rdrand to build with older binutils | Martin Willi | 2013-01-11 | 1 | -6/+6 |
| * \| | Provide RNG_TRUE quality in rdrand by mixing reseeded outputs using AES | Martin Willi | 2013-01-11 | 2 | -8/+108 |
| * \| | Provide RNG_STRONG quality in rdrand by forcing PRNG reseed after every sample | Martin Willi | 2013-01-11 | 2 | -1/+69 |
| * \| | Provide RNG_WEAK quality random generator in rdrand | Martin Willi | 2013-01-11 | 4 | -2/+342 |
| * \| | Add a rdrand plugin stub detecting availability of RDRAND instructions | Martin Willi | 2013-01-11 | 4 | -0/+183 |
| * \| | Streamline debug output when receiving intermediate CA certificates in IKEv1 | Martin Willi | 2013-01-11 | 1 | -1/+1 |
| * \| | Refactored IKEv2 cert/certreq payload processing to multiple functions | Martin Willi | 2013-01-11 | 1 | -112/+141 |
| * \| | Refactored IKEv1 cert payload processing to multiple functions | Martin Willi | 2013-01-11 | 1 | -73/+102 |
| * \| | IKEv1 support for PKCS#7 wrapped certificates | Volker Rümelin | 2013-01-11 | 3 | -0/+96 |