path: root/src/libstrongswan/plugins/gcrypt
Commit message | Author | Age | Files | Lines
* gcrypt: Add support for static salts when signing with RSA-PSS | Tobias Brunner | 2017-11-08 | 1 | -6/+17
* gcrypt: Add support for RSA-PSS signatures | Tobias Brunner | 2017-11-08 | 3 | -31/+127
  For salt lengths other than 20 this requires 0bd8137e68c2 ("cipher: Add option to specify salt length for PSS verification."), which was included in libgcrypt 1.7.0 (for Ubuntu requires 17.04). As that makes it pretty much useless for us (SHA-1 is a MUST NOT), we require that version to even provide the feature.
* gcrypt: Register supported RSA signature/verification schemes | Tobias Brunner | 2017-11-08 | 1 | -0/+16
* gcrypt: Determine missing RSA private key parameters | Tobias Brunner | 2017-11-08 | 1 | -4/+133
  We only need n, e, and d. The primes p and q and the coefficient for the Chinese remainder algorithm can be determined from these.
* private-key: Add optional parameters argument to sign() method | Tobias Brunner | 2017-11-08 | 1 | -1/+1
* public-key: Add optional parameters argument to verify() method | Tobias Brunner | 2017-11-08 | 1 | -1/+1
* Define MODP_CUSTOM constructors as variadic functions | Tobias Brunner | 2017-09-18 | 2 | -6/+6
  They now match the dh_constructor_t signature. This is a follow up for the changes merged with b668bf3f9ec1 and should fix use of MODP_CUSTOM on Apple's ARM64 platform.
* gmp: Support of SHA-3 RSA signatures | Andreas Steffen | 2016-09-22 | 2 | -14/+14
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 3 | -3/+3
* 128 bit default security strength requires 3072 bit prime DH group | Andreas Steffen | 2015-12-14 | 1 | -4/+4
* gcrypt: Explicitly initialize RNG backend to allocate static data | Martin Willi | 2015-04-15 | 1 | -0/+3
  The libgcrypt RNG implementation uses static buffer allocation which it does not free. There is no symbol we can catch in leak-detective, hence we explicitly initialize the RNG during the whitelisted gcrypt_plugin_create() function.
* gcrypt: Support setting private value and testing of DH backend | Martin Willi | 2015-04-15 | 1 | -0/+19
* diffie-hellman: Verify public DH values in backends | Martin Willi | 2015-03-23 | 1 | -0/+5
* diffie-hellman: Add a bool return value to set_other_public_value() | Martin Willi | 2015-03-23 | 1 | -2/+3
* diffie-hellman: Add a bool return value to get_my_public_value() | Martin Willi | 2015-03-23 | 1 | -1/+2
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return value | Martin Willi | 2015-03-23 | 1 | -3/+3
  While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* crypto: Define MODP_CUSTOM outside of IKE DH range | Tobias Brunner | 2014-12-23 | 1 | -1/+1
  Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221.
* curl: For SSL features, depend on thread-safety provided by our crypto plugins | Martin Willi | 2014-09-24 | 1 | -0/+2
  To use SSL in curl, we need to initialize the SSL library in a thread-safe manner and provide the appropriate callbacks. As we already do that in our crypto plugins using these libraries, we depend on these features. This implies that we need the same plugin enabled (openssl, gcrypt) as the curl backend is configured to use to fetch from HTTPS URIs.
* gcrypt: Use predefined pthread locking functions instead of custom hooks | Martin Willi | 2014-07-01 | 1 | -50/+4
  Starting with libgcrypt 1.6, it seems that custom locking functions are not supported anymore. Instead, the user has to select from one of the pre-defined set of locking functions. Given that we have a proper threading abstraction API with optional profiling on all platforms, this is somewhat annoying. However, there does not seem to be a way to use custom functions, and we have no other choice than using the provided macro magic to support all libgcrypt versions. Fixes #630.
* plugins: Don't link with -rdynamic on Windows | Martin Willi | 2014-06-04 | 1 | -1/+1
* lib: All settings use configured namespace | Tobias Brunner | 2014-02-12 | 1 | -2/+2
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required for IKEv2 anyway | Tobias Brunner | 2013-10-11 | 1 | -1/+1
* automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -3/+4
  INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 6 | -6/+6
* Add a return value to hasher_t.reset() | Martin Willi | 2012-07-16 | 1 | -1/+2
* Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 3 | -10/+7
* Add a return value to hasher_t.get_hash() | Martin Willi | 2012-07-16 | 1 | -1/+2
* Add a return value to crypter_t.set_key() | Martin Willi | 2012-07-16 | 1 | -2/+2
* Add a return value to crypter_t.decrypt() | Martin Willi | 2012-07-16 | 1 | -8/+8
* Add a return value to crypter_t.encrypt | Martin Willi | 2012-07-16 | 1 | -14/+11
* Check rng return value when generating DH secret in gcrypt plugin | Tobias Brunner | 2012-07-16 | 1 | -2/+2
* RNGs' get_bytes and allocate_bytes return boolean | Tobias Brunner | 2012-07-16 | 1 | -2/+4
* gcrypt: Register SHA1 first as HASH_PREFERRED depends on it | Tobias Brunner | 2012-06-27 | 1 | -1/+1
* gcrypt does not support MD2 | Andreas Steffen | 2011-11-09 | 1 | -1/+0
* Add features support to gcrypt plugin. | Tobias Brunner | 2011-10-17 | 1 | -101/+74
* Fixed common misspellings. | Tobias Brunner | 2011-07-20 | 1 | -1/+1
  Mostly found by 'codespell'.
* Fix some warnings triggered by gcc 4.6 -Wunused-but-set-variable | Martin Willi | 2011-05-19 | 1 | -2/+2
* Added a (not yet implemented) plugin_t method to reload plugin configuration | Martin Willi | 2011-04-15 | 1 | -0/+1
* Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t | Martin Willi | 2011-04-15 | 1 | -35/+40
* trace back crypto algorithms to the plugins that registered them | Andreas Steffen | 2010-12-18 | 1 | -33/+35
* Added a final flag to builder registration to enumerate the actually supported algorithms | Martin Willi | 2010-09-03 | 1 | -3/+3
* Added support for MODP_CUSTOM to gcrypt plugin | Martin Willi | 2010-09-03 | 3 | -19/+56
* Use a separate section for each nested struct member in INIT macro | Martin Willi | 2010-08-18 | 7 | -49/+65
* Variable key length crypters use default key length if zero given | Martin Willi | 2010-08-16 | 1 | -1/+5
* Implemented AES/Camellia counter mode in gcrypt | Martin Willi | 2010-08-13 | 2 | -6/+63
* Add dedicated getter for the IV size to the crypter_t interface | Martin Willi | 2010-08-13 | 1 | -0/+10
* Use bits instead of bytes for a private/public key | Martin Willi | 2010-08-10 | 2 | -4/+4
* Added support for different encryption schemes to private/public keys | Martin Willi | 2010-08-10 | 2 | -2/+16
* Migrated gcrypt plugin to INIT/METHOD macros | Martin Willi | 2010-08-10 | 11 | -242/+165
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding | Martin Willi | 2010-07-13 | 2 | -19/+19