aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* android: Make sure every listener at the VPN state service is only ↵Tobias Brunner2017-06-301-11/+11
| | | | | | | | | registered once We register when the service connects but also in onStart() (as we unregister in onStop() to avoid updates when not shown). So this could theoretically cause the listener to get registered twice if the service is connected before onStart() is called (it seems it usually isn't).
* android: Add menu item to import VPN profile via Storage Access FrameworkTobias Brunner2017-06-303-14/+59
| | | | | This is useful in case the proper MIME type was not set for a downloaded profile.
* android: Add translation for Traditional ChineseTobias Brunner2017-06-302-0/+176
| | | | Courtesy of Chris Chiang.
* android: Move Simplified Chinese translation to values-zg-rCN folderTobias Brunner2017-06-302-0/+0
|
* android: Update Gradle plugin and wrapperTobias Brunner2017-06-303-4/+4
|
* ikev1: Only delete redundant CHILD_SAs if configuredTobias Brunner2017-06-261-1/+5
| | | | | | | | | If we find a redundant CHILD_SA (the peer probably rekeyed the SA before us) we might not want to delete the old SA because the peer might still use it (same applies to old CHILD_SAs after rekeyings). So only delete them if configured to do so. Fixes #2358.
* configure: Enable coverage for all plugins via PLUGIN_CFLAGSTobias Brunner2017-06-203-6/+3
|
* ipsec: Remove `starter` as valid command in --helpTobias Brunner2017-06-201-1/+1
| | | | | | `start` is basically the same thing. Fixes #2362.
* openssl: Properly handle flags in key usage extensionTobias Brunner2017-06-141-8/+6
|
* charon-tkm: Return cloned host from tkm_kernel_sad_t::get_dst_host()Tobias Brunner2017-06-143-2/+4
| | | | | When an expire is triggered while rekeying, the CHILD_SA might be deleted while the returned host is still used to queue a rekey job for the CHILD_SA.
* configure: Use pkg-config to determine Ruby CFLAGS/LIBSTobias Brunner2017-06-073-5/+8
|
* nm: Version bump to 1.4.2Tobias Brunner2017-05-302-1/+7
|
* x509: nameConstraints sequence does not require a loopAndreas Steffen2017-05-291-2/+1
| | | | Fixes: CVE-2017-9023
* unit-tests: Updated asn1-parser testsAndreas Steffen2017-05-291-1/+105
|
* asn1-parser: Fix CHOICE parsingAndreas Steffen2017-05-293-75/+134
| | | | Fixes: CVE-2017-9023
* gmp: Make sure the modulus is odd and the exponent not zeroTobias Brunner2017-05-291-1/+6
| | | | | | | | | Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional requirement that the exponent must be > 0 and the modulus has to be odd. Otherwise, it will crash with a floating-point exception. Fixes: CVE-2017-9022 Fixes: 3e35a6e7a1b0 ("Use side-channel secured mpz_powm_sec of libgmp 5, if available")
* imv-swid: Fixed memory leak in http REST interfaceAndreas Steffen2017-05-291-17/+19
|
* leak-detective: Whitelisted memory leaks in FHH IMCs and IMVsAndreas Steffen2017-05-291-0/+3
|
* imv-test: Fixed memory leak in server retry use caseAndreas Steffen2017-05-291-0/+2
|
* libtnccs: Fixed memory leak of global variables in libxml2Andreas Steffen2017-05-291-1/+4
|
* ike-cfg: Fix memory leak when matching against rangesTobias Brunner2017-05-291-1/+1
| | | | | | | traffic_selector_t::to_subnet() always sets the net/host (unless the address family was invalid). Fixes: 3070697f9f7c ("ike: support multiple addresses, ranges and subnets in IKE address config")
* ike: Apply retransmission_limit before applying the jitterTobias Brunner2017-05-262-8/+8
|
* eap-sim-file: Remove redundant enumerator allocationTobias Brunner2017-05-261-1/+1
|
* sql: Remove redundant enumerator allocationTobias Brunner2017-05-261-1/+1
| | | | | | Interestingly, this doesn't show up in the regression tests because the compiler removes the first assignment (and thus the allocation) due to -O2 that's included in our default CFLAGS.
* Fixed some typos, courtesy of codespellTobias Brunner2017-05-269-12/+12
|
* linked-list: Change return value of find_first() and signature of its callbackTobias Brunner2017-05-2629-397/+525
| | | | This avoids the unportable five pointer hack.
* linked-list: Change interface of callback for invoke_function()Tobias Brunner2017-05-269-54/+98
| | | | This avoids the unportable five pointer hack.
* linked-list: invoke_offset() doesn't take any additional arguments anymoreTobias Brunner2017-05-263-18/+16
|
* Change interface for enumerator_create_filter() callbackTobias Brunner2017-05-2650-929/+1331
| | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* Migrate all enumerators to venumerate() interface changeTobias Brunner2017-05-2668-560/+851
|
* enumerator: Add venumerate() method to enumerator_t that takes a va_listTobias Brunner2017-05-262-8/+51
| | | | | | | | | | This will allow us to implement e.g. enumerator_cleaner without having to use that unportable 5 pointer forwarding or having to define a callback for each instance. A generic implementation for enumerate() is provided so only venumerate() has to be implemented, which may be simplified by using the VA_ARGS_VGET() macro.
* utils: Add helper macros to read variadic arguments into local variablesTobias Brunner2017-05-261-2/+46
|
* vici: Make 96-bit truncation for SHA-256 configurableTobias Brunner2017-05-262-0/+20
|
* stroke: Make 96-bit truncation for SHA-256 configurableTobias Brunner2017-05-268-1/+10
|
* child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256Tobias Brunner2017-05-262-0/+11
| | | | | | | | The correct truncation is 128-bit but some implementations insist on using 96-bit truncation. With strongSwan this can be negotiated using an algorithm identifier from a private range. But this doesn't work with third-party implementations. This adds an option to use 96-bit truncation even if the official identifier is used.
* android-log: Link against liblogTobias Brunner2017-05-261-0/+1
|
* unit-tests: Fix test_chunk_eq() if arguments have side-effectsTobias Brunner2017-05-241-1/+1
|
* unit-tests: Check installed IPsec SAs in child-rekey testsTobias Brunner2017-05-231-3/+94
|
* unit-tests: Add assert to check for installed IPsec SAsTobias Brunner2017-05-232-3/+115
|
* unit-tests: Migrate cached IPsec SAs to new IKE_SAs during rekeyingTobias Brunner2017-05-231-0/+42
|
* unit-tests: Keep track of installed IPsec SAs in mock kernel_ipsec_t ↵Tobias Brunner2017-05-232-4/+136
| | | | implementation
* child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAsTobias Brunner2017-05-233-128/+412
| | | | | | | | After deleting a rekeyed CHILD_SA we uninstall the outbound SA but don't destroy the CHILD_SA (and the inbound SA) immediately. We delay it a few seconds or until the SA expires to allow delayed packets to get processed. The CHILD_SA remains in state CHILD_DELETING until it finally gets destroyed.
* delete-child-sa-job: Add new constructor that takes the unique ID of a CHILD_SATobias Brunner2017-05-232-13/+69
| | | | | This makes sure we delete the right SA in case the addresses got updated in the mean time.
* child-sa: Remove state to track installation of half the SA againTobias Brunner2017-05-236-62/+47
|
* unit-tests: Overload helper macro to check for outbound SA stateTobias Brunner2017-05-231-2/+30
|
* child-sa: Expose state of the outbound SATobias Brunner2017-05-232-17/+61
|
* child-sa: Add method to remove the outbound SA and policiesTobias Brunner2017-05-232-5/+78
|
* child-sa: Keep track whether the outbound SA has been installed or notTobias Brunner2017-05-231-8/+13
|
* child-delete: Track flags per individual CHILD_SATobias Brunner2017-05-231-47/+78
|
* ikev2: Delay installation of outbound SAs during rekeying on the responderTobias Brunner2017-05-234-30/+124
| | | | | | | | The responder has all the information needed to install both SAs before the initiator does. So if the responder immediately installs the outbound SA it might send packets using the new SA which the initiator is not yet able to process. This can be avoided by delaying the installation of the outbound SA until the replaced SA is deleted.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 06:29:33 +0000