aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
Commit message (Collapse)AuthorAgeFilesLines
* bliss: Fix compile error of unit tests due to uninitialized variableTobias Brunner2017-09-181-1/+1
|
* Define MODP_CUSTOM constructors as variadic functionsTobias Brunner2017-09-188-22/+28
| | | | | | They now match the dh_constructor_t signature. This is a follow up for the changes merged with b668bf3f9ec1 and should fix use of MODP_CUSTOM on Apple's ARM64 platform.
* plugin-loader: Correctly read dlopen_use_rtld_now optionTobias Brunner2017-09-181-1/+1
| | | | Fixes: 305c4aa82cb0 ("plugin-loader: Optionally use RTLD_NOW with dlopen()")
* openssl: Add support for delta CRLsTobias Brunner2017-09-182-19/+74
|
* certificates: Use shared destructor for x509_cdp_tTobias Brunner2017-09-183-33/+6
|
* plugin-loader: Move indent variables into !USE_FUZZING blockTobias Brunner2017-08-151-2/+2
| | | | This avoids compile errors on Travis.
* gmp: Fix RSA signature verification for m >= nTobias Brunner2017-08-141-3/+9
| | | | | | | | By definition, m must be <= n-1, we didn't enforce that and because mpz_export() returns NULL if the passed value is zero a crash could have been triggered with m == n. Fixes CVE-2017-11185.
* sha2: Write final hash directly to output bufferTobias Brunner2017-08-071-56/+26
| | | | | | This avoids having the last output in internal memory that's not wiped. References #2388.
* curl: Enable following redirectsTobias Brunner2017-07-271-0/+9
| | | | | | | The maximum number of redirects can be limited. The functionality can also be disabled. Fixes #2366.
* imv-swima: Implemented SW event processingAndreas Steffen2017-07-081-2/+12
|
* x509: Correctly encode nonce in OCSP requestTobias Brunner2017-07-071-1/+2
| | | | | The nonce value is encoded as OCTET STRING, however, the extension values themselves must also be encoded as OCTET STRING.
* configure: Enable coverage for all plugins via PLUGIN_CFLAGSTobias Brunner2017-06-203-6/+3
|
* openssl: Properly handle flags in key usage extensionTobias Brunner2017-06-141-8/+6
|
* x509: nameConstraints sequence does not require a loopAndreas Steffen2017-05-291-2/+1
| | | | Fixes: CVE-2017-9023
* asn1-parser: Fix CHOICE parsingAndreas Steffen2017-05-291-53/+59
| | | | Fixes: CVE-2017-9023
* gmp: Make sure the modulus is odd and the exponent not zeroTobias Brunner2017-05-291-1/+6
| | | | | | | | | Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional requirement that the exponent must be > 0 and the modulus has to be odd. Otherwise, it will crash with a floating-point exception. Fixes: CVE-2017-9022 Fixes: 3e35a6e7a1b0 ("Use side-channel secured mpz_powm_sec of libgmp 5, if available")
* linked-list: Change return value of find_first() and signature of its callbackTobias Brunner2017-05-261-18/+20
| | | | This avoids the unportable five pointer hack.
* Change interface for enumerator_create_filter() callbackTobias Brunner2017-05-265-102/+145
| | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* Migrate all enumerators to venumerate() interface changeTobias Brunner2017-05-267-50/+74
|
* x509: Fix leak when parsing CDPs if an invalid one follows valid onesTobias Brunner2017-05-231-2/+2
|
* pem: Ensure a value before checking Proc-Type in PEM headerTobias Brunner2017-05-231-1/+1
|
* plugin-loader: Disable some logging output when building fuzz targetsTobias Brunner2017-05-231-4/+19
| | | | | This avoids evaluating %N. An alternative would be to define a printf-hook for plugin features.
* x509: Manually print CRL/OCSP URIs when fuzzingTobias Brunner2017-05-231-8/+25
| | | | This avoids a warning about the custom %Y printf specifier.
* plugin-constructors: Add script to generate constructor registrationTobias Brunner2017-05-231-0/+60
| | | | Using a Python script so this works in cross-compilation situations.
* plugin-loader: Add facility to register plugin constructorsTobias Brunner2017-05-232-3/+69
| | | | | | | | | | | | | | Enabled when building monolithically and statically. This should allow us to work around the -whole-archive issue with libtool. If the libraries register the plugin constructors they provide they reference the constructors and will therefore prevent the linker from removing these seemingly unused symbols from the final executable. For use cases where dlsym() can be used, e.g. because the static libraries are manually linked with -whole-archive (Linux) or -force-load (Apple), this can be disabled by passing ss_cv_static_plugin_constructors=no to the configure script.
* pem: Don't read beyond line endsTobias Brunner2017-05-231-2/+2
|
* x509: Fix leak if there is an empty CDPTobias Brunner2017-05-231-1/+7
|
* x509: Fix leak if a certificate contains multiple authorityKeyIdentifiersTobias Brunner2017-05-231-0/+1
|
* af-alg: Fix crypt() definition conflictBaruch Siach2017-05-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | Rename the crypt() method to avoid conflict with POSIX crypt(). Fixes the following build failure with musl libc: In file included from ../../../../src/libstrongswan/utils/utils.h:53:0, from ../../../../src/libstrongswan/library.h:101, from af_alg_ops.h:24, from af_alg_ops.c:16: af_alg_ops.c:110:22: error: conflicting types for 'crypt' METHOD(af_alg_ops_t, crypt, bool, ^ ../../../../src/libstrongswan/utils/utils/object.h:99:13: note: in definition of macro 'METHOD' static ret name(union {iface *_public; this;} \ ^ In file included from af_alg_ops.c:18:0: .../host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/unistd.h:144:7: note: previous declaration of 'crypt' was here char *crypt(const char *, const char *); ^ Closes strongswan/strongswan#72.
* x509: Evaluate return codes of parsing functionsAndreas Steffen2017-05-084-52/+149
|
* Fixed some typos, courtesy of codespellTobias Brunner2017-03-231-1/+1
|
* x509: Do not mark generated addrblock extension as criticalMartin Willi2017-02-271-2/+1
| | | | | | | | | | | | | | While RFC 3779 says we SHOULD mark it is critical, this has severe side effects in practice. The addrblock extension is not widely used nor implemented, and only a few applications can handle this extension. By marking it critical, none of these applications can make use of such certificates where included addrblocks do not matter, such as TLS/HTTPS. If an application wants to make use of addrblocks, that is usually an explicit decision. Then the very same application obviously can handle addrblocks, and there is no need for the extension to be critical. In other words, for local policy checks it is a local matter to handle the extension, hence making it critical is usually not of much help.
* x509: Support encoding the RFC 3779 addrblock extensionMartin Willi2017-02-271-3/+134
|
* plugin-loader: Fix hashing of registered plugin featuresTobias Brunner2017-02-241-1/+1
| | | | | | | This strangely never caused any noticeable issues, but was the reason for build failures in certain test cases (mostly BLISS) due to missing plugin features when built with specific options on Travis (was not reproducible locally).
* revocation: More accurately describe the flags to disable OCSP/CRL validationTobias Brunner2017-02-151-8/+7
| | | | | | These options disable validation as such, e.g. even from cached CRLs, not only the fetching. Also made the plugin's validate() implementation a no-op if both options are disabled.
* bliss: Increase timeout for sampler unit testTobias Brunner2017-01-161-2/+2
| | | | Fixes #2204.
* revocation: OCSP and/or CRL fetching can be disabledAndreas Steffen2016-12-301-38/+71
|
* Moved Ed25519 tests to libstrongswanAndreas Steffen2016-12-146-646/+6
|
* Implemented EdDSA for IKEv2 using a pro forma Identity hash functionAndreas Steffen2016-12-144-0/+77
|
* Added Ed25519 ref10 implementation from libsodiumAndreas Steffen2016-12-1412-16/+5785
|
* Added support of EdDSA signaturesAndreas Steffen2016-12-1414-14/+769
|
* openssl: BoringSSL doesn't provide curve data for ECC Brainpool curvesTobias Brunner2016-12-101-1/+4
|
* plugin-loader: Strip '!' from critical plugin names when setting pathsTobias Brunner2016-11-181-1/+1
|
* curve22519: Add a portable backend implemented in plain CMartin Willi2016-11-144-0/+647
|
* curve25519: Add a plugin providing Curve25519 DH using backend driversMartin Willi2016-11-147-0/+462
|
* test-vectors: Add a Curve25519 DH test vectorMartin Willi2016-11-143-0/+36
|
* added XOF dependencies of bliss and ntru pluginsAndreas Steffen2016-10-182-4/+26
|
* newhope: Fix Doxygen group nameTobias Brunner2016-10-141-1/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-10-141-2/+2
|
* newhope: Properly release allocated arrays if RNG can't be createdTobias Brunner2016-10-141-8/+8
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-20 15:52:59 +0000