aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* unit-tests: Added bliss_fft_speed testAndreas Steffen2016-07-221-1/+42
|
* libtpmtss: Use pkconfig to configure TSS 2.0 includes and librariesAndreas Steffen2016-07-203-4/+7
|
* ike1: Flush active queue when queueing a delete of the IKE_SATobias Brunner2016-07-191-0/+3
| | | | | | | | | | | By aborting the active task we don't have to wait for potential retransmits if the other peer does not respond to the current task. Since IKEv1 has no sequential message IDs and INFORMATIONALs are no real exchanges this should not be a problem. Fixes #1537 References #429, #1410 Closes strongswan/strongswan#48
* Fixed some typos, courtesy of codespellTobias Brunner2016-07-045-5/+5
|
* imcv: Added EFI HCRTM eventAndreas Steffen2016-06-301-2/+7
|
* aikgen: Fix computation of key ID of the AIK public keyTobias Brunner2016-06-301-7/+8
| | | | We don't have direct access to the modulus and exponent of the key anymore.
* libtpmtss: Define missing Doxygen group and fix some commentsTobias Brunner2016-06-305-7/+9
|
* libimcv: Fix Doxygen commentTobias Brunner2016-06-301-1/+1
|
* ikev1: Add support for extended sequence numbersThomas Egerer2016-06-291-3/+17
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* plugin-loader: Allow selective modification of the default plugin listTobias Brunner2016-06-291-10/+24
| | | | | | | This change allows selectively modifying the default plugin list by setting the `load` setting of individual plugins (e.g. to disable them or to change their priority) without enabling charon.load_modular and having to configure a section and a load statement for every plugin.
* leak-detective: Try to properly free allocations after deinitializationTobias Brunner2016-06-291-0/+13
| | | | | | | | If a function we whitelist allocates memory while leak detective is enabled but only frees it after LD has already been disabled, free() will get called with invalid pointers (not pointing to the actually allocated memory by LD), which will cause checks in the C library to fail and the program to crash. This tries to detect such cases and calling free with the correct pointer.
* openssl: Whitelist OPENSSL_init_crypto() and others in leak detectiveTobias Brunner2016-06-291-0/+4
| | | | | | | | | Lots of static data is allocated in this function, which isn't freed until the library is unloaded (we can't call OPENSSL_cleanup() as initialization would fail when calling it again later). When enabling the leak detective the test runner eventually crashes as all the data allocated during initialization has an invalid size when freed after leak detective has been unloaded.
* openssl: Update GCM/crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-13/+13
|
* openssl: Update HMAC API to OpenSSL 1.1.0Tobias Brunner2016-06-291-9/+25
|
* openssl: Don't use deprecated RAND_pseudo_bytes()Tobias Brunner2016-06-291-7/+0
|
* openssl: Update PKCS#12 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-1/+5
|
* openssl: Update PKCS#7 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-3/+7
|
* openssl: Update CRL API to OpenSSL 1.1.0Tobias Brunner2016-06-291-7/+42
| | | | | | There is currently no way to compare the outer and inner algorithms encoded in a parsed CRL. X509_CRL_verify() does not seem to check that either, though (unlike X509_verify()).
* openssl: Update x509 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-12/+48
|
* openssl: Update ECDSA API to OpenSSL 1.1.0Tobias Brunner2016-06-292-5/+24
|
* openssl: Update RSA API to OpenSSL 1.1.0Tobias Brunner2016-06-292-16/+52
|
* openssl: Make some utilities take const BIGNUM pointersTobias Brunner2016-06-292-4/+6
|
* openssl: Add macro to define fallback functions for non-opaque OpenSSL versionsTobias Brunner2016-06-291-0/+38
|
* openssl: Update DH API to OpenSSL 1.1.0Tobias Brunner2016-06-291-11/+41
|
* openssl: Update crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-12/+17
| | | | | EVP_CIPHER and EVP_CIPHER_CTX are now opaque types, the getters already existed before.
* openssl: Fix mapping from ASN1 to chunk_t with OpenSSL 1.1.0Tobias Brunner2016-06-291-1/+7
| | | | ASN1_OBJECT is now opaque.
* openssl: Update initialization and cleanup for OpenSSL 1.1.0Tobias Brunner2016-06-291-7/+17
| | | | | | We can't call OPENSSL_cleanup() as that would prevent us from re-initializing the library again (which we use in the Android app, that loads/unloads plugins).
* openssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacksTobias Brunner2016-06-291-0/+13
|
* android: Actually add Android.mk for libtpmtssTobias Brunner2016-06-281-0/+32
|
* android: Fix build after adding libtpmtssTobias Brunner2016-06-283-3/+5
|
* libtpmtss: Added to integrity checksAndreas Steffen2016-06-264-0/+19
|
* aikpub2: Output AIK signature algorithmAndreas Steffen2016-06-261-1/+14
|
* Refactoring to tpm_tss_quote_info objectAndreas Steffen2016-06-2624-397/+923
|
* libimcv: Changed debug level for functional components from 2 to 3Andreas Steffen2016-06-261-2/+2
|
* libtpmtss: Implemented TSS2 quote() methodAndreas Steffen2016-06-261-23/+139
|
* libtpmtss: Implemented TSS2 read_pcr() methodAndreas Steffen2016-06-221-6/+114
|
* libimcv: migrate pts to tpm_tssAndreas Steffen2016-06-2210-495/+568
|
* libtpmtss: Get TPM 2.0 capabilitiesAndreas Steffen2016-06-224-2/+227
|
* libtpmtss: Retrieve TPM 1.2 version infoAndreas Steffen2016-06-223-3/+75
|
* Created libtpmtss library handling access to v1.2 and v2.0 TPMsAndreas Steffen2016-06-2212-393/+914
|
* aikpub2: --handle option retrieves public key from TPM 2.0 NVRAMAndreas Steffen2016-06-222-30/+147
|
* aikpub2: Convert TSS 2.0 AIK public key blob into PKCS#1 formatAndreas Steffen2016-06-225-1/+384
|
* unit-tests: Add tests for expires after CHILD_SA rekeyingTobias Brunner2016-06-171-0/+129
|
* child-rekey: Only rekey installed CHILD_SAsTobias Brunner2016-06-171-7/+14
| | | | | | | | | | | | Depending on the lifetimes a CHILD_SA we rekeyed as responder might expire shortly afterwards. We don't want to rekey it again. When retrying due to an INVALID_KE_PAYLOAD notify the expected state is CHILD_REKEYING if it is anything else (e.g. due to a collision) we ignore it. We also abort the exchange properly if we don't find the CHILD_SA, no need for an empty INFORMATIONAL exchange anymore.
* Report test coverage of libcharon and starterTobias Brunner2016-06-172-0/+6
|
* unit-tests: Add test for CHILD_SA rekey if a retry due to an ↵Tobias Brunner2016-06-171-0/+143
| | | | INVALID_KE_PAYLOAD is delayed
* child-rekey: Ignore failed colliding CHILD_SA rekeyingsTobias Brunner2016-06-171-1/+10
| | | | | | | If a passive rekeying fails due to an INVALID_KE_PAYLOAD we don't want to consider this task later when resolving collisions. This previously might have caused the wrong SA to get deleted/installed based on the nonces in the unsuccessful exchange.
* unit-tests: Add test for collision between IKE_SA rekey and CHILD_SA creationTobias Brunner2016-06-173-0/+108
|
* child-create: Retry creating the CHILD_SA if TEMPORARY_FAILURE is receivedTobias Brunner2016-06-171-4/+33
| | | | We queue a delayed task that is initiated after a while.
* ikev2: Add possibility to delay initiation of a queued taskTobias Brunner2016-06-175-66/+189
| | | | | | | | | | | Such a task is not initiated unless a certain time has passed. This allows delaying certain tasks but avoids problems if we'd do this via a scheduled job (e.g. if the IKE_SA is rekeyed in the meantime). If the IKE_SA is rekeyed the delay of such tasks is reset when the tasks are adopted i.e. they get executed immediately on the new IKE_SA. This hasn't been implemented for IKEv1 yet.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 14:37:58 +0000