aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
Commit message (Collapse)AuthorAgeFilesLines
* x509: Do not mark generated addrblock extension as criticalMartin Willi2017-02-271-2/+1
| | | | | | | | | | | | | | While RFC 3779 says we SHOULD mark it is critical, this has severe side effects in practice. The addrblock extension is not widely used nor implemented, and only a few applications can handle this extension. By marking it critical, none of these applications can make use of such certificates where included addrblocks do not matter, such as TLS/HTTPS. If an application wants to make use of addrblocks, that is usually an explicit decision. Then the very same application obviously can handle addrblocks, and there is no need for the extension to be critical. In other words, for local policy checks it is a local matter to handle the extension, hence making it critical is usually not of much help.
* x509: Support encoding the RFC 3779 addrblock extensionMartin Willi2017-02-271-3/+134
|
* plugin-loader: Fix hashing of registered plugin featuresTobias Brunner2017-02-241-1/+1
| | | | | | | This strangely never caused any noticeable issues, but was the reason for build failures in certain test cases (mostly BLISS) due to missing plugin features when built with specific options on Travis (was not reproducible locally).
* revocation: More accurately describe the flags to disable OCSP/CRL validationTobias Brunner2017-02-151-8/+7
| | | | | | These options disable validation as such, e.g. even from cached CRLs, not only the fetching. Also made the plugin's validate() implementation a no-op if both options are disabled.
* bliss: Increase timeout for sampler unit testTobias Brunner2017-01-161-2/+2
| | | | Fixes #2204.
* revocation: OCSP and/or CRL fetching can be disabledAndreas Steffen2016-12-301-38/+71
|
* Moved Ed25519 tests to libstrongswanAndreas Steffen2016-12-146-646/+6
|
* Implemented EdDSA for IKEv2 using a pro forma Identity hash functionAndreas Steffen2016-12-144-0/+77
|
* Added Ed25519 ref10 implementation from libsodiumAndreas Steffen2016-12-1412-16/+5785
|
* Added support of EdDSA signaturesAndreas Steffen2016-12-1414-14/+769
|
* openssl: BoringSSL doesn't provide curve data for ECC Brainpool curvesTobias Brunner2016-12-101-1/+4
|
* plugin-loader: Strip '!' from critical plugin names when setting pathsTobias Brunner2016-11-181-1/+1
|
* curve22519: Add a portable backend implemented in plain CMartin Willi2016-11-144-0/+647
|
* curve25519: Add a plugin providing Curve25519 DH using backend driversMartin Willi2016-11-147-0/+462
|
* test-vectors: Add a Curve25519 DH test vectorMartin Willi2016-11-143-0/+36
|
* added XOF dependencies of bliss and ntru pluginsAndreas Steffen2016-10-182-4/+26
|
* newhope: Fix Doxygen group nameTobias Brunner2016-10-141-1/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-10-141-2/+2
|
* newhope: Properly release allocated arrays if RNG can't be createdTobias Brunner2016-10-141-8/+8
|
* revocation: Cache valid CRL also if certificate is revokedTobias Brunner2016-10-111-10/+25
|
* openssl: Fix AES-GCM with BoringSSLTobias Brunner2016-10-111-3/+3
| | | | | | | | BoringSSL only supports a limited list of (hard-coded) algorithms via EVP_get_cipherbyname(), which does not include AES-GCM. While BoringSSL deprecated these functions they are also supported by OpenSSL (in BoringSSL a completely new interface for AEADs was added, which OpenSSL currently does not support).
* ldap: Fix crash in case of empty LDAP response for CRL fetchYannick CANN2016-10-061-2/+1
| | | | | | | | | In case of an empty LDAP result during a CRL fetch (for example, due to a wrong filter attribute in the LDAP URI, or invalid LDAP configuration), the call to ldap_result2error() with NULL value for "entry" lead to a crash. Closes strongswan/strongswan#52.
* openssl: Add a generic private key loaderTobias Brunner2016-10-057-18/+129
|
* pkcs1: Support building of KEY_ANY private keysTobias Brunner2016-10-052-5/+73
| | | | | We try to detect the type of key by parsing the basic structure of the passed ASN.1 blob.
* pkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyIdRaphael Geissert2016-10-041-4/+152
| | | | | | | | | | | | | | charon-nm fails to find the private key when its CKA_ID doesn't match the subjectKeyIdentifier of the X.509 certificate. In such cases, the private key builder now falls back to enumerating all the certificates, looking for one that matches the supplied subjectKeyIdentifier. It then uses the CKA_ID of that certificate to find the corresponding private key. It effectively means that PKCS#11 tokens where the only identifier to relate the certificate, the public key, and the private key is the CKA_ID are now supported by charon-nm. Fixes #490.
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-229-64/+96
|
* bliss sampler unit-test: Fixed enumeration typeAndreas Steffen2016-09-221-2/+2
|
* bliss: bliss_sampler expects XOF typeAndreas Steffen2016-09-221-4/+3
|
* mgf1: Refactored MGF1 as an XOFAndreas Steffen2016-09-2119-78/+564
|
* unbound: Avoid unnecessary cloning of RR list that caused a memory leakTobias Brunner2016-09-201-2/+1
|
* unbound: Fix memory leakTobias Brunner2016-09-201-0/+2
|
* padlock: Use builtin bswap32() to fix compilation on FreeBSDTobias Brunner2016-08-311-6/+5
| | | | Fixes #591.
* unit-tests: Removed unused variableAndreas Steffen2016-08-111-2/+0
|
* unit-tests: Created newhope unit-testsAndreas Steffen2016-08-108-7/+1334
|
* Created newhope plugin implementing the New Hope key exchange algorithmAndreas Steffen2016-08-109-0/+1334
|
* xof: Added ChaCha20 stream as XOFAndreas Steffen2016-08-067-1/+306
|
* integrity-test: Added ntru_param_sets to read-only segmentAndreas Steffen2016-07-297-36/+96
|
* integrity-test: Added bliss_param_sets to read-only segmentAndreas Steffen2016-07-2914-63/+68
|
* integrity-test: check code and ro segments of libnttfftAndreas Steffen2016-07-291-1/+1
|
* Created libnttfftAndreas Steffen2016-07-2913-1272/+47
| | | | | This makes Number Theoretic Transforms (NTT) based on the efficient Fast-Fourier-Transform (FFT) available to multiple plugins.
* Share twiddle factors table between 512 and 1024 point FFTAndreas Steffen2016-07-293-134/+14
|
* Implemented FFT with n = 1024 and q = 11289 using Montgomery arithmeticAndreas Steffen2016-07-293-8/+495
|
* bliss: Implemented FFT with fast Montgomery arithmeticAndreas Steffen2016-07-298-102/+294
|
* xof: Implemented SHAKE128 and SHAKE256 Extended Output FunctionsAndreas Steffen2016-07-2911-415/+1293
|
* xof: Defined Extended Output FunctionsAndreas Steffen2016-07-293-0/+43
|
* unit-tests: Decreased loop count of FFT speed test to 10'000Andreas Steffen2016-07-221-1/+1
|
* unit-tests: Added bliss_fft_speed testAndreas Steffen2016-07-221-1/+42
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-07-041-1/+1
|
* plugin-loader: Allow selective modification of the default plugin listTobias Brunner2016-06-291-10/+24
| | | | | | | This change allows selectively modifying the default plugin list by setting the `load` setting of individual plugins (e.g. to disable them or to change their priority) without enabling charon.load_modular and having to configure a section and a load statement for every plugin.
* openssl: Update GCM/crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-13/+13
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-23 22:35:13 +0000