aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
Commit message (Collapse)AuthorAgeFilesLines
* Wipe auxiliary key store5.3.0Andreas Steffen2015-03-281-1/+1
|
* fips-prf: Fail when trying to use append mode on FIPS-PRFMartin Willi2015-03-281-1/+6
| | | | | Append mode hardly makes sense for the special stateful FIPS-PRF, which is different to other PRFs.
* cmac: Reset state before doing set_key()Martin Willi2015-03-271-0/+3
|
* af-alg: Reset hmac/xcbc state before doing set_key()Martin Willi2015-03-272-0/+2
|
* xcbc: Reset XCBC state in set_key()Martin Willi2015-03-271-0/+4
| | | | | If some partial data has been appended, a truncated key gets invalid if it is calculated from the pending state.
* hmac: Reset the underlying hasher before doing set_key() with longer keysMartin Willi2015-03-271-1/+2
| | | | | | | The user might have done a non-complete append, having some state in the hasher. Fixes #909.
* diffie-hellman: Verify public DH values in backendsMartin Willi2015-03-235-0/+25
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-236-28/+31
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-236-7/+13
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-236-19/+19
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* files: Add simple plugin to load files from file:// URIsTobias Brunner2015-03-095-0/+293
|
* plugin-loader: Increase log level for warning about plugin features that ↵Tobias Brunner2015-03-091-3/+3
| | | | | | | | | failed to load Since we can't get rid of all unmet dependencies (at least not in every possible plugin configuration) the message is more confusing than helpful. In particular because a detailed warning about plugin features that failed to load due to unmet dependencies is only logged on level 2.
* pkcs11: Convert RFC 3279 ECDSA signatures when verifyingTobias Brunner2015-03-091-4/+33
| | | | References #873.
* pkcs11: Properly encode RFC 3279 ECDSA signaturesTobias Brunner2015-03-091-2/+19
| | | | Fixes #873.
* pkcs11: Properly encode EC_POINTs created on a tokenTobias Brunner2015-03-091-5/+8
| | | | | | | Some tokens might not fail when creating EC public keys in the incorrect format, but they will later not be able to use them to verify signatures. References #872.
* pkcs11: Properly handle EC_POINTs returned as ASN.1 octet stringTobias Brunner2015-03-091-1/+43
| | | | | | | This is the correct encoding but we internally only use unwrapped keys and some tokens return them unwrapped. Fixes #872.
* x509: Use subjectKeyIdentifier provided by issuer cert when checking CRL issuerTobias Brunner2015-03-061-18/+15
| | | | | | | | | Some CAs don't use SHA-1 hashes of the public key as subjectKeyIdentifier and authorityKeyIdentifier. If that's the case we can't force the calculation of the hash to compare that to authorityKeyIdentifier in the CRL, instead we use the subjectKeyIdentifier stored in the issuer certificate, if available. Otherwise, we fall back to the SHA-1 hash (or comparing the DNs) as before.
* bliss: Add generated Huffman codes to the repositoryTobias Brunner2015-03-025-14/+860
| | | | | | | | | | | | | While these files are generated they don't really change and are not architecture dependant. The previous solution prevented cross-compilation from the repository as `bliss_huffman` was built for the target system but was then executed on the build host to create the source files, which naturally was bound to fail. The `recreate-bliss-huffman` make target can be used inside the bliss directory to update the source files if needed. Fixes #812.
* Fixed compiler warningsAndreas Steffen2015-02-271-2/+3
|
* Allow SHA256 and SHA384 data hash for BLISS signatures.Andreas Steffen2015-02-264-26/+74
| | | | | The default is SHA512 since this hash function is also used for the c_indices random oracle.
* unit-tests: Completed BLISS testsAndreas Steffen2015-02-256-16/+668
|
* Check for null pointer before applying memwipe()Andreas Steffen2015-02-251-4/+10
|
* Implemented improved BLISS-B signature algorithmAndreas Steffen2015-02-256-47/+352
|
* plugin-loader: Do not unload libraries during dlclose(), if supportedMartin Willi2015-02-241-1/+9
| | | | | | | Unloading libraries calls any library constructor/destructor functions. Some libraries can't handle that in our excessive unit test use. GnuTLS leaks a /dev/urandom file descriptor, letting unit tests fail with arbitrary out-of-resources errors.
* openssl: Return the proper IV length for OpenSSL cryptersTobias Brunner2015-02-231-1/+1
| | | | | | | For instance, the NULL cipher has a block size of 1 but an IV length of 0. Fixes #854.
* x509: Fix public key reference leak if authority key identifier does not matchMartin Willi2015-02-061-10/+12
|
* unit-tests: Adapted to coverity fixesAndreas Steffen2014-12-231-9/+12
|
* Fixed bad bit shift and sign extension errorsAndreas Steffen2014-12-233-4/+14
|
* bliss: Remove unnecessary cast to doubleTobias Brunner2014-12-231-1/+1
| | | | | | Coverity is still not happy when the result of an integer division is assigned to a double (without e.g. casting the result to an int first to indicate the intent). The shift should avoid this issue.
* bliss: Log type if unsupportedTobias Brunner2014-12-231-1/+1
|
* bliss: Make sure sampler exists after checking for it earlierTobias Brunner2014-12-231-2/+2
|
* crypto: Define MODP_CUSTOM outside of IKE DH rangeTobias Brunner2014-12-236-6/+6
| | | | | | | | | Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221.
* bliss: Fix Doxygen commentsTobias Brunner2014-12-152-6/+6
|
* Also initialize s_signAndreas Steffen2014-12-121-1/+1
|
* pem: Handle BER indefinite length encoding as binary ASN.1Martin Willi2014-12-121-1/+24
| | | | | | While our ASN.1 parser can't handle BER indefinite length encoding, the OpenSSL backend can. Some PKCS#12 containers get encoded this way, so we should support loading such files in the pem plugin.
* Cache only support fingerprint typesAndreas Steffen2014-12-121-2/+4
|
* Fix ambiguities and gcc compiler warningAndreas Steffen2014-12-121-3/+3
|
* Use bitspender->get_bytes() method in ntru_tritsAndreas Steffen2014-12-121-26/+14
|
* Use Huffman code in BLISS signatureAndreas Steffen2014-12-127-38/+296
|
* Include design parameters in generated Huffman code filesAndreas Steffen2014-12-121-20/+31
|
* bliss: Fix monolithic buildTobias Brunner2014-12-1211-93/+114
| | | | | | | | | | | This requires moving test files so that the Makefile for the tests can be included after building libstrongswan, which requires the plugin when building monolithically. Due to this a static helper library is required as directly referring to object files (or source files) is not possible. It's also necessary to avoid any link-time dependency on libstrongswan in bliss_huffman, to avoid circular dependencies (bliss_huffman -> libstrongswan -> bliss -> bliss_huffman).
* bliss: Fix compilation warning with certain GCC versionsTobias Brunner2014-12-121-1/+2
| | | | | | Theoretically, n could be zero and these variables are then used uninitialized. Older GCC versions warn about this and on Travis where we compile with -Werror this causes the tests to fail.
* Pack private key arraysAndreas Steffen2014-12-101-17/+75
|
* Automatic generation of optimized Huffman codesAndreas Steffen2014-12-097-0/+559
|
* unit-tests: added bliss_sampler testAndreas Steffen2014-12-093-0/+99
|
* Expanded bliss_bitpacker to 32 bitsAndreas Steffen2014-12-095-41/+39
|
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-296-7/+15
| | | | pki tool
* Applied bit packing to BLISS public keyAndreas Steffen2014-11-295-55/+68
|
* Wipe BLISS private key memoryAndreas Steffen2014-11-291-2/+8
|
* Created bliss_bitpacker class to encode BLISS signaturesAndreas Steffen2014-11-298-46/+464
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 16:36:03 +0000