aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* x509: Undef OCSP_RESPONSE from <wincrypt.h> before using itMartin Willi2014-06-041-0/+5
|
* plugins: Don't link with -rdynamic on WindowsMartin Willi2014-06-0447-49/+48
|
* windows: Provide wrappers for dlopen() function familyMartin Willi2014-06-031-0/+2
|
* curl: Don't set CURLOPT_FAILONERRORTobias Brunner2014-05-311-14/+5
| | | | | With the strongTNC REST API some errors will actually be accompanied by a response we want to receive completely.
* soup: Add support to retrieve the response codeTobias Brunner2014-05-191-2/+14
|
* curl: Add support to return the response codeTobias Brunner2014-05-191-1/+27
|
* enum: Don't directly include enum.hMartin Willi2014-05-162-3/+2
| | | | | To allow enum.h to depend on utils.h definitions, avoid its direct inclusion. Instead include utils.h, which includes enum.h as well.
* unbound: Explicitly cast from ldns RR type/class to our typesMartin Willi2014-05-161-2/+2
| | | | | | These definitions are directly derived from the RFC, so it should be safe to cast them. clang complains about the different types, so cast them explicitly.
* x509: Remove some unused ASN1 OID constantsMartin Willi2014-05-162-25/+0
|
* aes: Remove unused build variantsMartin Willi2014-05-161-622/+65
| | | | | | The AES code historically has different build options for various size/speed trade-offs. We never made use of them, so just drop the obsolete code. The code now has four hard-coded fixed tables, both inverse and original.
* Added PUBKEY_RSA_MODULUS encoding typeAndreas Steffen2014-05-021-12/+35
|
* sqlite: Allow query arguments to be freed before starting the enumerationTobias Brunner2014-04-301-2/+4
| | | | | By marking the string/blob arguments as transient, SQLite will copy and free them automatically.
* x509: Don't include authKeyIdentifier in self-signed certificatesTobias Brunner2014-04-091-1/+1
| | | | | As the comment indicates this was the intention in d7be2906433a7dcfefc1fd732587865688dbfe1b all along.
* x509: Initialize certs when building optionalSignature for OCSP requestsTobias Brunner2014-04-091-1/+1
|
* Added support for msSmartcardLogon EKUAndreas Steffen2014-04-081-3/+10
|
* Initialize m1 to suppress compiler warningAndreas Steffen2014-04-071-1/+1
|
* test-vectors: Renumber AES-GCM test vectors according to original sourceTobias Brunner2014-03-312-16/+100
| | | | Also adds several missing ones.
* aead: Support custom AEAD salt sizesMartin Willi2014-03-318-25/+68
| | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* revocation: Log error if no OCSP signer candidate foundMartin Willi2014-03-311-1/+1
| | | | Fixes evaluation of ikev2/ocsp-untrusted-cert.
* revocation: Restrict OCSP signing to specific certificatesMartin Willi2014-03-311-7/+63
| | | | | | | | | | | | | To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to: - The issuing CA of the checked certificate - A directly delegated signer by the same CA, having the OCSP signer constraint - Any locally installed (trusted) certificate having the OCSP signer constraint The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
* revocation: Don't merge auth config of CLR/OCSP trustchain validationMartin Willi2014-03-311-39/+24
| | | | | | | | | | This behavior was introduced with 6840a6fb to avoid key/signature strength checking for the revocation trustchain as we do it for end entity certificates. Unfortunately this breaks CA constraint checking under certain conditions, as we merge additional intermediate/CA certificates to the auth config. As key/signature strength checking of the revocation trustchain is a rather exotic requirement we drop support for that to properly enforce CA constraints.
* x509: CERT_DECODE actually requires KEY_ANYTobias Brunner2014-03-311-3/+1
| | | | | More specific decoders might still be needed, but the x509 plugin should not care which ones.
* pkcs1: KEY_ANY public key decoder soft depends on specific decodersTobias Brunner2014-03-311-0/+3
|
* acert: Implement a plugin finding, validating and evaluating attribute certsMartin Willi2014-03-315-0/+356
| | | | | | This validator checks for any attribute certificate it can find for validated end entity certificates and tries to extract group membership information used for connection authorization rules.
* x509: Match acert has_subject() against entityName or holder serialMartin Willi2014-03-311-5/+25
| | | | | This allows us to find attribute certificates for a subject certificate in credential sets.
* pem: Support encoding of attribute certificatesMartin Willi2014-03-311-1/+6
| | | | | | | While there is no widely used PEM header for attribute certificates, at least IAIK-JCE uses BEGIN ATTRIBUTE CERTIFICATE: http://javadoc.iaik.tugraz.at/iaik_jce/current/iaik/utils/Util.html#toPemString(iaik.x509.attr.AttributeCertificate)
* x509: Replace the comma separated string AC group builder with a list based oneMartin Willi2014-03-311-5/+5
|
* x509: Integrate IETF attribute handling, and obsolete ietf_attributes_tMartin Willi2014-03-311-9/+184
| | | | | The ietf_attributes_t class is used for attribute certificates only these days, and integrating them to x509_ac_t simplifies things significantly.
* x509: Replace fixed acert group string getter by a more dynamic group enumeratorMartin Willi2014-03-311-3/+3
|
* x509: Skip parsing of acert chargingIdentity, as we don't use it anywayMartin Willi2014-03-311-9/+1
|
* x509: Fix some whitespaces and do some minor style cleanups in acertMartin Willi2014-03-311-72/+76
|
* openssl: Add default fallback when calculating fingerprints of RSA keysTobias Brunner2014-03-221-1/+15
| | | | | | We still try to calculate these directly as it can avoid a dependency on the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the actual fingerprint calculation to the pgp plugin.
* Completed integration of ntru_crypto library into ntru pluginAndreas Steffen2014-03-2220-1707/+1165
|
* plugin-feature: Hash only the actually used feature argumentTobias Brunner2014-03-201-1/+31
| | | | | | | | Clang does not initialize padding in union members so hashing the complete "arg" union could lead to different hashes if the hashed plugin_feature_t does not have static storage duration. Fixes #549.
* plugin-loader: Properly initialize modular plugin list if no plugins are enabledTobias Brunner2014-03-181-0/+1
|
* Implemented ntru_private_key classAndreas Steffen2014-03-1814-1341/+1085
|
* 11 bits are needed to encode a maximum index of 1086Andreas Steffen2014-03-151-1/+1
|
* Refactored NTRU parameter set selectionAndreas Steffen2014-03-073-40/+47
|
* Refactored ntru_param_setsAndreas Steffen2014-03-079-246/+175
|
* Optimize ntru_poly constructors some more5.1.2Andreas Steffen2014-02-271-26/+24
|
* Optimized initialisation of indicesAndreas Steffen2014-02-271-50/+39
|
* Added get_array() method to ntru_poly_t classAndreas Steffen2014-02-275-156/+57
|
* Defined ntru_poly_create_from_seed() and ntru_poly_create_from_data() ↵Andreas Steffen2014-02-275-131/+100
| | | | constructors and built some unit tests for the latter)
* Optimized use of temporary arrays in polynomial multiplicationAndreas Steffen2014-02-272-24/+24
|
* Implement ring multiplication methodAndreas Steffen2014-02-273-99/+228
|
* index limit can be easily computedAndreas Steffen2014-02-195-42/+18
|
* uclibc only defines strndup(3) if _GNU_SOURCE is definedTobias Brunner2014-02-191-2/+2
| | | | References #516.
* sshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is definedTobias Brunner2014-02-191-0/+1
| | | | Fixes #516.
* Created ntru_poly class for sparse trinary polynomialsAndreas Steffen2014-02-188-434/+455
|
* plugin-loader: Escape <ns> in comment as Doxygen sees this as XML tagTobias Brunner2014-02-181-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 17:49:09 +0000