aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Support signing of RADIUS accounting messagesMartin Willi2012-01-303-10/+26
|
* RADIUS message constructor accepts a message code parameterMartin Willi2012-01-303-7/+8
|
* Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available.Tobias Brunner2012-01-301-0/+10
|
* Cache list of plugin names to further simplify its usage.Tobias Brunner2012-01-198-73/+62
| | | | Also helpful for ipsec statusall to avoid having to enumerate plugins.
* Log list of loaded plugins in main PKI help output.Tobias Brunner2012-01-191-0/+8
|
* Simplified logging of list of loaded plugins.Tobias Brunner2012-01-195-59/+22
|
* Function added to plugin_loader to get a list of the names of loaded plugins.Tobias Brunner2012-01-192-1/+34
|
* Use correct time_t variables to store ARG_TIME optionsMartin Willi2012-01-182-4/+4
|
* Destroy active task list before queued tasksThomas Egerer2012-01-181-3/+3
| | | | | | | Since active task's destruction might result in adopting tasks from a rekeyed ike sa it seems better to first destroy the active task list and then destroy all queued tasks. This way adoption is possible at all, while otherwise the queued task list would be empty.
* Various style, typo and whitespace correctionsAdrian-Ken Rueegsegger2012-01-131-3/+2
|
* Starter depends on whack/stroke on Android.Tobias Brunner2012-01-121-0/+5
| | | | | With this change whack and stroke get installed automatically if starter is enabled.
* Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.Tobias Brunner2012-01-1212-0/+24
| | | | | | | Because all packages are now marked as optional executables that are to be installed on the final system have to be added to PRODUCT_PACKAGES in build/target/product/core.mk. Dependencies (such as libraries) are installed automatically.
* Fixed additional typos in comments and log messages.Tobias Brunner2012-01-1214-19/+19
|
* Fix whitespacesAdrian-Ken Rueegsegger2012-01-122-16/+16
|
* Some documentation correctionsAdrian-Ken Rueegsegger2012-01-128-33/+32
|
* Fix gettid() on Android, which is defined in unistd.h there.Tobias Brunner2012-01-121-3/+4
|
* Use native gettid() if available (which is the case on Android).Tobias Brunner2012-01-101-3/+11
|
* pluto: Use srand() to initialize the C library PRNG.Tobias Brunner2012-01-041-0/+3
| | | | Otherwise rekey and DPD times would always be the same after a restart.
* Added a tls_socket_t.splice method to wrap a file descriptor into TLSMartin Willi2011-12-312-5/+107
|
* Implemented TLS session resumption both as client and as serverMartin Willi2011-12-3114-105/+273
|
* Implemented a TLS session cacheMartin Willi2011-12-313-0/+316
|
* Check for cipherspec changes after each handshake messageMartin Willi2011-12-311-2/+6
|
* Separated cipherspec checking and switching, allowing us to defer the secondMartin Willi2011-12-314-33/+49
|
* Make number of concurrently handled stroke messages configurable.Tobias Brunner2011-12-291-2/+9
|
* Limit the number of concurrently handled stroke messages.Tobias Brunner2011-12-291-18/+104
| | | | This avoids clogging the thread pool with potentially blocking jobs.
* register aik certificate via ipsec attestAndreas Steffen2011-12-254-10/+54
|
* Be less verbose about TLS extensionsMartin Willi2011-12-241-1/+1
|
* In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash ↵Martin Willi2011-12-241-20/+20
| | | | function
* Added a getter for the tls_socket file descriptorMartin Willi2011-12-242-0/+14
|
* Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.Tobias Brunner2011-12-236-14/+16
|
* Avoid integer overflow when parsing ASN.1 dates.Tobias Brunner2011-12-231-2/+2
| | | | This only works properly if sizeof(time_t) > 4.
* pki: Avoid integer overflow when calculating certificate lifetimes.Tobias Brunner2011-12-233-3/+3
| | | | This only works properly if sizeof(time_t) > 4.
* Properly ASN.1 encode dates in certificates depending on the year.Tobias Brunner2011-12-236-16/+21
|
* pluto: Fixed expiration date test.Tobias Brunner2011-12-231-2/+1
|
* Fix deadlock in trap_manager_t during acquire.Tobias Brunner2011-12-231-28/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also fixes a TOCTOU issue regarding the use of entry_t.pending. The deadlock was caused because the rwlock was being locked while waiting for an IKE_SA. Triggering the deadlock was a bit tricky, here is the description by Thomas Egerer (the reporter of this issue): " The deadlock occurs when the following happens (in the given order): a) an IKE_SA is built and a thread is processing the IKE_AUTH request, which can take a bit longer when a smartcard is involved. This causes the ike_sa_manager to lock a particular IKE_SA exclusively. b) an acquire is triggered which causes the rwlock in the trap_manager to be read-locked, the subsequent call to ike_sa_manager->checkout_by_config has to wait until a) unlocks it's ike_sa. c) a child_cfg contained in the peer_cfg belonging to the ike_sa a) has locked is routed causes the child_configs contained in the peer config to be locked by c) while the actual routing code within trap_manager tries to writelock it's rwlock. That's about it. As soon as a) finishes authentication of the peer and tries to find a matching child sa it will try to lock the child configs of the peer config which is not possible since it has been locked by c). Thread | Resource locked | Resource desired -------+--------------------------------+-------------------------------- (a) | ike_sa in ike_sa_manager | child_cfgs of peer_cfg | | (b) | rwlock in trap-manager (read) | ike_sa in ike_sa_manager | | (c) | child_cfgs of peer_cfg | rwlock in trap-manager (write) " With this patch thread (b) now does not hold the lock while waiting for the IKE_SA. Thus (c) can get the write lock, and (a) can subsequently lock the mutex in the peer_cfg which then finally allows (b) to checkout the IKE_SA.
* Added atomic compare and swap operations.Tobias Brunner2011-12-232-0/+48
| | | | Using a GCC atomic builtin if available or a global mutex otherwise.
* Fixed flush() method of trap_manager_t.Tobias Brunner2011-12-231-3/+9
| | | | | A segmentation fault could have happened during destruction of the trap manager after calling flush().
* additional state waiting for the EvidenceFinal attribute responseAndreas Steffen2011-12-202-0/+8
|
* moved send_message() in front of recommendation evaluationAndreas Steffen2011-12-184-20/+21
|
* added case IMV_ATTESTATION_STATE_ENDAndreas Steffen2011-12-182-5/+3
|
* TrouSerS expects a bitmask field length of at least 3 bytesSansar Choinyambuu2011-12-181-1/+5
|
* build PA-TNC message only if there are PA-TNC attributes to sendAndreas Steffen2011-12-183-20/+43
|
* destroy attributes, tooAndreas Steffen2011-12-181-1/+1
|
* added reference counts to all PA-TNC attribute classesAndreas Steffen2011-12-1819-56/+405
|
* reworded comments and debug outputAndreas Steffen2011-12-181-13/+20
|
* Prepend Debian string to Debian versionAndreas Steffen2011-12-181-7/+19
|
* removed unused variableAndreas Steffen2011-12-161-1/+0
|
* moved management of additional IMC/IMV IDs to agentAndreas Steffen2011-12-167-83/+146
|
* Also log PGP parsing in ASN log group.Tobias Brunner2011-12-162-19/+19
|
* Log messages for PKCS1 and PEM parsing in ASN log group.Tobias Brunner2011-12-162-11/+11
|