path: root/src/libstrongswan/plugins
Commit message | Author | Age | Files | Lines
* plugin-loader: Optionally use load option in each plugin section to load plugins | Tobias Brunner | 2014-02-12 | 2 | -4/+144

  This now works because all plugins use the same config namespace.

  If <ns>.load_modular is true, the list of plugins to load is determined
  via the value of the <ns>.plugins.<name>.load options.

  Using includes the following is possible:

      charon {
          load_modular = yes
          plugins {
              include strongswan.d/charon/*.conf
          }
      }
      charon-cmd {
          load_modular = yes
          plugins {
              include strongswan.d/charon-cmd/*.conf
          }
      }

  Where each .conf file would contain something like:

      <name> {
          load = yes
          <option> = <value>
      }

  To increase the priority of individual plugins load = <priority> can be
  used (the default is 1). For instance, to use openssl instead of the
  built-in crypto plugins set in strongswan.d/charon/openssl.conf:

      openssl {
          load = 10
      }

  If two plugins have the same priority their order in the default plugin
  list is preserved. Plugins not found in that list are ordered
  alphabetically before other plugins with the same priority.

* lib: All settings use configured namespace | Tobias Brunner | 2014-02-12 | 15 | -35/+35
* rdrand: Provide get_features() regardless of RDRAND availability | Martin Willi | 2014-02-10 | 1 | -6/+6

  As having no get_features() raises a deprecated warning, we return no
  features instead.

* rdrand: Move RDRAND detection log to level 2 | Martin Willi | 2014-02-10 | 1 | -2/+2

  When having RDRAND support, these log messages might be confusing when
  using pki or other tools.

* pem: Use chunk_map() instead of non-portable mmap() | Martin Willi | 2014-01-23 | 1 | -29/+6
* curl: Replace spaces in URIs with %20 | Tobias Brunner | 2014-01-23 | 1 | -3/+14

  cURL requires the URIs to be URL-encoded. Apparently, some CAs encode
  CRL URIs with spaces in them.

  Fixes #454.

* agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket | Tobias Brunner | 2014-01-23 | 2 | -2/+7

  This is also required if charon-cmd is used with capability dropping.

* min_MGF_hash_calls parameter is not needed anymore | Andreas Steffen | 2013-12-07 | 2 | -18/+0
* Optimized MGF1 implementation | Andreas Steffen | 2013-12-07 | 1 | -8/+13
* Implemented ntru_trits class | Andreas Steffen | 2013-12-07 | 8 | -291/+292
* Streamlined DRBG and MGF1 debug output | Andreas Steffen | 2013-12-07 | 3 | -14/+20
* Added own MGF1 mask generating function | Andreas Steffen | 2013-12-05 | 10 | -436/+536
* unit-tests: Export ntru_drbg_create as testable function so no linking is required | Tobias Brunner | 2013-12-04 | 1 | -5/+7

  This way the plugin does not have to be linked explicitly to the test
  runner, which otherwise would require that the plugin is either always
  enabled to build the tests or that ifdefs are added to the Makefile.

* unit-tests: Move ntru_test_rng_t to a utility class in libtest | Tobias Brunner | 2013-12-04 | 3 | -137/+0
* ntru: Fix compiler warning caused by ++/-- on righthand side of an assignment | Tobias Brunner | 2013-12-04 | 1 | -4/+4

  The behavior of stuff like x = --x; (or x++) is not defined.

* Added DRBG automatic reseeding tests | Andreas Steffen | 2013-11-27 | 1 | -2/+2
* Use strongSwan hash plugins for SHA-1 and SHA-256 | Andreas Steffen | 2013-11-27 | 20 | -2764/+178
* Cleaned up ntru-crypto library | Andreas Steffen | 2013-11-27 | 11 | -474/+8
* Implemented NIST SP 800-90A DRBG_HMAC with SHA-256 | Andreas Steffen | 2013-11-27 | 14 | -1533/+550
* unit-tests: Added ntru wrong ciphertext test | Andreas Steffen | 2013-11-27 | 1 | -0/+1
* unit-tests: Added ntru entropy, retransmission and ciphertext tests | Andreas Steffen | 2013-11-27 | 1 | -0/+5
* Any of the four NTRU parameter sets can be selected | Andreas Steffen | 2013-11-27 | 2 | -45/+76
* Make the NTRU parameter set configurable | Andreas Steffen | 2013-11-27 | 1 | -14/+47
* unit-tests: first NTRU test case | Andreas Steffen | 2013-11-27 | 1 | -1/+1
* Prototype implementation of IKE key exchange via NTRU encryption | Andreas Steffen | 2013-11-27 | 35 | -0/+9332
* openssl: Verify that a peer's ECDH public value is a point on the elliptic curve | Tobias Brunner | 2013-11-19 | 1 | -0/+5

  This check is mandated by RFC 6989. Since we don't reuse DH secrets,
  it is mostly a sanity check.

* Implemented libstrongswan.plugins.random.strong_equals_true option | Andreas Steffen | 2013-11-16 | 3 | -0/+22
* plugin-loader: Convenience function added to add plugin dirs in build tree | Tobias Brunner | 2013-11-06 | 2 | -0/+28
* pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB | Tobias Brunner | 2013-10-23 | 2 | -61/+12

  This allows more than one builder to try parsing the data read from STDIN.

* openssl: Add workaround if ECC Brainpool curves are not defined | Tobias Brunner | 2013-10-17 | 1 | -11/+247
* openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSL | Tobias Brunner | 2013-10-17 | 2 | -6/+51

  OpenSSL does not include them in releases before 1.0.2.

* ccm: Add missing comma in get_iv_gen method signature | Tobias Brunner | 2013-10-11 | 1 | -1/+1
* iv_gen: aead_t implementations provide an IV generator | Tobias Brunner | 2013-10-11 | 3 | -0/+46
* unbound: Add support for DLV (DNSSEC Lookaside Validation) | Tobias Brunner | 2013-10-11 | 1 | -12/+23

  Fixes #392.

* database: Add support for serializable transactions | Tobias Brunner | 2013-10-11 | 2 | -3/+16
* sqlite: Implement transaction handling | Tobias Brunner | 2013-10-11 | 1 | -6/+83
* mysql: Implement transaction handling | Tobias Brunner | 2013-10-11 | 1 | -7/+119
* database: Add interface to handle transactions | Tobias Brunner | 2013-10-11 | 2 | -0/+44
* mysql: Ensure connections are properly released in multi-threaded environments | Tobias Brunner | 2013-10-11 | 1 | -14/+23
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required for IKEv2 anyway | Tobias Brunner | 2013-10-11 | 3 | -6/+6
* openssl: Properly log FIPS mode when enabled via openssl.conf | Tobias Brunner | 2013-09-27 | 1 | -5/+13

  Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf
  it should be disabled in strongswan.conf (or the other way around).
  Either way, we should log whether FIPS mode is enabled or not.

  References #412.

* sshkey: Add support for parsing keys from files | Tobias Brunner | 2013-09-13 | 1 | -1/+92
* sshkey: Add encoding for ECDSA keys | Tobias Brunner | 2013-09-13 | 1 | -0/+72
* openssl: Add support for generic encoding of EC public keys | Tobias Brunner | 2013-09-13 | 1 | -23/+13
* sshkey: Add encoder for RSA keys | Tobias Brunner | 2013-09-13 | 5 | -2/+91
* openssl: Add generic RSA public key encoding | Tobias Brunner | 2013-09-13 | 1 | -3/+17
* openssl: Add helper function to convert BIGNUMs to chunks | Tobias Brunner | 2013-09-13 | 2 | -0/+27
* keychain: be less verbose when loading certificates | Martin Willi | 2013-07-31 | 1 | -2/+5
* keychain: Use AM_CPPFLAGS instead of INCLUDES | Tobias Brunner | 2013-07-19 | 1 | -1/+1
* credmgr: introduce a hook function to catch trust chain validation errors | Martin Willi | 2013-07-18 | 2 | -0/+14