Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
* | Support signing of RADIUS accounting messages | Martin Willi | 2012-01-30 | 3 | -10/+26 | |
| | ||||||
* | RADIUS message constructor accepts a message code parameter | Martin Willi | 2012-01-30 | 3 | -7/+8 | |
| | ||||||
* | Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available. | Tobias Brunner | 2012-01-30 | 1 | -0/+10 | |
| | ||||||
* | Cache list of plugin names to further simplify its usage. | Tobias Brunner | 2012-01-19 | 8 | -73/+62 | |
| | | | | Also helpful for ipsec statusall to avoid having to enumerate plugins. | |||||
* | Log list of loaded plugins in main PKI help output. | Tobias Brunner | 2012-01-19 | 1 | -0/+8 | |
| | ||||||
* | Simplified logging of list of loaded plugins. | Tobias Brunner | 2012-01-19 | 5 | -59/+22 | |
| | ||||||
* | Function added to plugin_loader to get a list of the names of loaded plugins. | Tobias Brunner | 2012-01-19 | 2 | -1/+34 | |
| | ||||||
* | Use correct time_t variables to store ARG_TIME options | Martin Willi | 2012-01-18 | 2 | -4/+4 | |
| | ||||||
* | Destroy active task list before queued tasks | Thomas Egerer | 2012-01-18 | 1 | -3/+3 | |
| | | | | | | | Since active task's destruction might result in adopting tasks from a rekeyed ike sa it seems better to first destroy the active task list and then destroy all queued tasks. This way adoption is possible at all, while otherwise the queued task list would be empty. | |||||
* | Various style, typo and whitespace corrections | Adrian-Ken Rueegsegger | 2012-01-13 | 1 | -3/+2 | |
| | ||||||
* | Starter depends on whack/stroke on Android. | Tobias Brunner | 2012-01-12 | 1 | -0/+5 | |
| | | | | | With this change whack and stroke get installed automatically if starter is enabled. | |||||
* | Android 4 requires LOCAL_MODULE_TAGS to be set for all modules. | Tobias Brunner | 2012-01-12 | 12 | -0/+24 | |
| | | | | | | | Because all packages are now marked as optional, executables that are to be installed on the final system have to be added to PRODUCT_PACKAGES in build/target/product/core.mk. Dependencies (such as libraries) are installed automatically. | |||||
* | Fixed additional typos in comments and log messages. | Tobias Brunner | 2012-01-12 | 14 | -19/+19 | |
| | ||||||
* | Fix whitespaces | Adrian-Ken Rueegsegger | 2012-01-12 | 2 | -16/+16 | |
| | ||||||
* | Some documentation corrections | Adrian-Ken Rueegsegger | 2012-01-12 | 8 | -33/+32 | |
| | ||||||
* | Fix gettid() on Android, which is defined in unistd.h there. | Tobias Brunner | 2012-01-12 | 1 | -3/+4 | |
| | ||||||
* | Use native gettid() if available (which is the case on Android). | Tobias Brunner | 2012-01-10 | 1 | -3/+11 | |
| | ||||||
* | pluto: Use srand() to initialize the C library PRNG. | Tobias Brunner | 2012-01-04 | 1 | -0/+3 | |
| | | | | Otherwise rekey and DPD times would always be the same after a restart. | |||||
* | Added a tls_socket_t.splice method to wrap a file descriptor into TLS | Martin Willi | 2011-12-31 | 2 | -5/+107 | |
| | ||||||
* | Implemented TLS session resumption both as client and as server | Martin Willi | 2011-12-31 | 14 | -105/+273 | |
| | ||||||
* | Implemented a TLS session cache | Martin Willi | 2011-12-31 | 3 | -0/+316 | |
| | ||||||
* | Check for cipherspec changes after each handshake message | Martin Willi | 2011-12-31 | 1 | -2/+6 | |
| | ||||||
* | Separated cipherspec checking and switching, allowing us to defer the second | Martin Willi | 2011-12-31 | 4 | -33/+49 | |
| | ||||||
* | Make number of concurrently handled stroke messages configurable. | Tobias Brunner | 2011-12-29 | 1 | -2/+9 | |
| | ||||||
* | Limit the number of concurrently handled stroke messages. | Tobias Brunner | 2011-12-29 | 1 | -18/+104 | |
| | | | | This avoids clogging the thread pool with potentially blocking jobs. | |||||
* | register aik certificate via ipsec attest | Andreas Steffen | 2011-12-25 | 4 | -10/+54 | |
| | ||||||
* | Be less verbose about TLS extensions | Martin Willi | 2011-12-24 | 1 | -1/+1 | |
| | ||||||
* | In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function | Martin Willi | 2011-12-24 | 1 | -20/+20 | |
| | ||||||
* | Added a getter for the tls_socket file descriptor | Martin Willi | 2011-12-24 | 2 | -0/+14 | |
| | ||||||
* | Allow callers to force ASN.1 date encoding as GENERALIZEDTIME. | Tobias Brunner | 2011-12-23 | 6 | -14/+16 | |
| | ||||||
* | Avoid integer overflow when parsing ASN.1 dates. | Tobias Brunner | 2011-12-23 | 1 | -2/+2 | |
| | | | | This only works properly if sizeof(time_t) > 4. | |||||
* | pki: Avoid integer overflow when calculating certificate lifetimes. | Tobias Brunner | 2011-12-23 | 3 | -3/+3 | |
| | | | | This only works properly if sizeof(time_t) > 4. | |||||
* | Properly ASN.1 encode dates in certificates depending on the year. | Tobias Brunner | 2011-12-23 | 6 | -16/+21 | |
| | ||||||
* | pluto: Fixed expiration date test. | Tobias Brunner | 2011-12-23 | 1 | -2/+1 | |
| | ||||||
* | Fix deadlock in trap_manager_t during acquire. | Tobias Brunner | 2011-12-23 | 1 | -28/+43 | |

    Also fixes a TOCTOU issue regarding the use of entry_t.pending.

    The deadlock was caused because the rwlock was being locked while
    waiting for an IKE_SA. Triggering the deadlock was a bit tricky, here
    is the description by Thomas Egerer (the reporter of this issue):

    "
    The deadlock occurs when the following happens (in the given order):
    a) an IKE_SA is built and a thread is processing the IKE_AUTH request,
       which can take a bit longer when a smartcard is involved. This
       causes the ike_sa_manager to lock a particular IKE_SA exclusively.
    b) an acquire is triggered which causes the rwlock in the trap_manager
       to be read-locked, the subsequent call to
       ike_sa_manager->checkout_by_config has to wait until a) unlocks its
       ike_sa.
    c) a child_cfg contained in the peer_cfg belonging to the ike_sa a) has
       locked is routed, which causes the child_configs contained in the
       peer config to be locked by c) while the actual routing code within
       trap_manager tries to writelock its rwlock.

    That's about it. As soon as a) finishes authentication of the peer and
    tries to find a matching child sa it will try to lock the child configs
    of the peer config which is not possible since it has been locked by c).

    Thread | Resource locked                | Resource desired
    -------+--------------------------------+--------------------------------
    (a)    | ike_sa in ike_sa_manager       | child_cfgs of peer_cfg
           |                                |
    (b)    | rwlock in trap-manager (read)  | ike_sa in ike_sa_manager
           |                                |
    (c)    | child_cfgs of peer_cfg         | rwlock in trap-manager (write)
    "

    With this patch thread (b) now does not hold the lock while waiting for
    the IKE_SA. Thus (c) can get the write lock, and (a) can subsequently
    lock the mutex in the peer_cfg which then finally allows (b) to
    checkout the IKE_SA.

* | Added atomic compare and swap operations. | Tobias Brunner | 2011-12-23 | 2 | -0/+48 | |
| | | | | Using a GCC atomic builtin if available or a global mutex otherwise. | |||||
* | Fixed flush() method of trap_manager_t. | Tobias Brunner | 2011-12-23 | 1 | -3/+9 | |
| | | | | | A segmentation fault could have happened during destruction of the trap manager after calling flush(). | |||||
* | additional state waiting for the EvidenceFinal attribute response | Andreas Steffen | 2011-12-20 | 2 | -0/+8 | |
| | ||||||
* | moved send_message() in front of recommendation evaluation | Andreas Steffen | 2011-12-18 | 4 | -20/+21 | |
| | ||||||
* | added case IMV_ATTESTATION_STATE_END | Andreas Steffen | 2011-12-18 | 2 | -5/+3 | |
| | ||||||
* | TrouSerS expects a bitmask field length of at least 3 bytes | Sansar Choinyambuu | 2011-12-18 | 1 | -1/+5 | |
| | ||||||
* | build PA-TNC message only if there are PA-TNC attributes to send | Andreas Steffen | 2011-12-18 | 3 | -20/+43 | |
| | ||||||
* | destroy attributes, too | Andreas Steffen | 2011-12-18 | 1 | -1/+1 | |
| | ||||||
* | added reference counts to all PA-TNC attribute classes | Andreas Steffen | 2011-12-18 | 19 | -56/+405 | |
| | ||||||
* | reworded comments and debug output | Andreas Steffen | 2011-12-18 | 1 | -13/+20 | |
| | ||||||
* | Prepend Debian string to Debian version | Andreas Steffen | 2011-12-18 | 1 | -7/+19 | |
| | ||||||
* | removed unused variable | Andreas Steffen | 2011-12-16 | 1 | -1/+0 | |
| | ||||||
* | moved management of additional IMC/IMV IDs to agent | Andreas Steffen | 2011-12-16 | 7 | -83/+146 | |
| | ||||||
* | Also log PGP parsing in ASN log group. | Tobias Brunner | 2011-12-16 | 2 | -19/+19 | |
| | ||||||
* | Log messages for PKCS1 and PEM parsing in ASN log group. | Tobias Brunner | 2011-12-16 | 2 | -11/+11 | |
| |