aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* xof: Defined Extended Output FunctionsAndreas Steffen2016-07-293-0/+43
|
* unit-tests: Decreased loop count of FFT speed test to 10'000Andreas Steffen2016-07-221-1/+1
|
* unit-tests: Added bliss_fft_speed testAndreas Steffen2016-07-221-1/+42
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-07-041-1/+1
|
* plugin-loader: Allow selective modification of the default plugin listTobias Brunner2016-06-291-10/+24
| | | | | | | This change allows selectively modifying the default plugin list by setting the `load` setting of individual plugins (e.g. to disable them or to change their priority) without enabling charon.load_modular and having to configure a section and a load statement for every plugin.
* openssl: Update GCM/crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-13/+13
|
* openssl: Update HMAC API to OpenSSL 1.1.0Tobias Brunner2016-06-291-9/+25
|
* openssl: Don't use deprecated RAND_pseudo_bytes()Tobias Brunner2016-06-291-7/+0
|
* openssl: Update PKCS#12 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-1/+5
|
* openssl: Update PKCS#7 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-3/+7
|
* openssl: Update CRL API to OpenSSL 1.1.0Tobias Brunner2016-06-291-7/+42
| | | | | | There is currently no way to compare the outer and inner algorithms encoded in a parsed CRL. X509_CRL_verify() does not seem to check that either, though (unlike X509_verify()).
* openssl: Update x509 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-12/+48
|
* openssl: Update ECDSA API to OpenSSL 1.1.0Tobias Brunner2016-06-292-5/+24
|
* openssl: Update RSA API to OpenSSL 1.1.0Tobias Brunner2016-06-292-16/+52
|
* openssl: Make some utilities take const BIGNUM pointersTobias Brunner2016-06-292-4/+6
|
* openssl: Add macro to define fallback functions for non-opaque OpenSSL versionsTobias Brunner2016-06-291-0/+38
|
* openssl: Update DH API to OpenSSL 1.1.0Tobias Brunner2016-06-291-11/+41
|
* openssl: Update crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-12/+17
| | | | | EVP_CIPHER and EVP_CIPHER_CTX are now opaque types, the getters already existed before.
* openssl: Fix mapping from ASN1 to chunk_t with OpenSSL 1.1.0Tobias Brunner2016-06-291-1/+7
| | | | ASN1_OBJECT is now opaque.
* openssl: Update initialization and cleanup for OpenSSL 1.1.0Tobias Brunner2016-06-291-7/+17
| | | | | | We can't call OPENSSL_cleanup() as that would prevent us from re-initializing the library again (which we use in the Android app, that loads/unloads plugins).
* openssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacksTobias Brunner2016-06-291-0/+13
|
* android: Use non-aliased cipher identifiersTobias Brunner2016-06-131-12/+12
| | | | | | Some of these are also understood by BoringSSL. Fixes #1510.
* x509: Properly wrap keyid in authorityKeyIdentifier in attribute certificatesTobias Brunner2016-06-061-1/+2
| | | | | | | The correct encoding got lost in bdec2e4f5291 ("refactored openac and its attribute certificate factory"). Fixes #1370.
* af-alg: Silently skip probing algorithms if AF_ALG is not supportedMartin Willi2016-05-191-0/+19
| | | | | | If the af-alg plugin is enabled, but kernel support is missing, we get an error line during startup for each probed algorithm. This is way too verbose, so just skip probing if AF_ALG is unsupported.
* curl: Add TLS support if libcurl is built against BoringSSLTobias Brunner2016-04-151-1/+2
| | | | | We don't have to rely on the openssl plugin and its threading initialization as BoringSSL is thread-safe out of the box.
* openssl: BoringSSL does not support configurationTobias Brunner2016-04-151-0/+4
| | | | | The other initialization functions are still defined but many are apparently no-ops (this is also true for the threading initialization).
* openssl: The member storing the DH exponent length has been renamed in BoringSSLTobias Brunner2016-04-151-0/+4
|
* openssl: Use proper EVP macro to determine size of a hashTobias Brunner2016-04-152-2/+2
|
* curl: Handle LibreSSL like OpenSSL in regards to multi-threadingTobias Brunner2016-04-151-1/+1
| | | | | LibreSSL is API compatible so our openssl plugin does not need any changes and it works fine with the curl plugin.
* pkcs11: Skip zero-padding of r and s when preparing EC signatureTobias Brunner2016-04-051-3/+9
| | | | | | They are zero padded to fill the buffer. Fixes #1377.
* Use u_int32_t legacy type in blowfish header fileAndreas Steffen2016-03-241-1/+1
|
* Use standard unsigned integer typesAndreas Steffen2016-03-2460-380/+380
|
* vici: Support of raw public keysAndreas Steffen2016-01-092-0/+15
|
* 128 bit default security strength for IKE and ESP algorithmsAndreas Steffen2015-12-171-19/+19
| | | | | | | | | | | | | | | | | The default ESP cipher suite is now AES_CBC-128/HMAC_SHA2_256_128 and requires SHA-2 HMAC support in the Linux kernel (correctly implemented since 2.6.33). The default IKE cipher suite is now AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 if the openssl plugin is loaded or AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 if ECC is not available. The use of the SHA-1 hash algorithm and the MODP_2048 DH group has been deprecated and ENCR_CHACHA20_POLY1305 has been added to the default IKE AEAD algorithms.
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-143-16/+16
|
* Allow msSmartcardLogon EKU to be builtAndreas Steffen2015-12-111-2/+2
|
* Print OCSP single responsesAndreas Steffen2015-12-111-2/+40
|
* byteorder: Add 32-bit unaligned little-endian conversion functionsMartin Willi2015-12-041-21/+0
|
* revocation: Allow CRLs to be encoded in PEM formatTobias Brunner2015-11-121-1/+1
| | | | | | | | | | Since the textual representation for a CRL is now standardized in RFC 7468 one could argue that we should accept that too, even though RFC 5280 explicitly demands CRLs fetched via HTTP/FTP to be in DER format. But in particular for file URIs enforcing that seems inconvenient. Fixes #1203.
* curl: Be less strict when considering status codes as errorsTobias Brunner2015-11-121-3/+3
| | | | | | | For file:// URIs the code is 0 on success. We now do the same libcurl would do with CURLOPT_FAILONERROR enabled. Fixes #1203.
* plugin-loader: Optionally use RTLD_NOW with dlopen()Tobias Brunner2015-11-091-6/+11
| | | | | | | | | This can be useful when writing custom plugins as typos or missing linker flags that result in unresolved symbols in the shared object could otherwise cause late crashes. In particular, if such a symbol is used in a code path that is rarely executed. During development and testing using RTLD_NOW instead of RTLD_LAZY will prevent the plugin from getting loaded and makes the error visible immediately.
* Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemesAndreas Steffen2015-11-065-19/+31
|
* Use word-aligned XOR in sha3_absorb()Andreas Steffen2015-11-031-4/+47
|
* Support BLISS signatures with SHA-3 hashAndreas Steffen2015-11-032-0/+12
|
* Implemented SHA-3 hash algorithm including test vectorsAndreas Steffen2015-11-038-0/+1022
|
* random: Properly handle errors when reading from /dev/[u]randomTobias Brunner2015-10-291-0/+1
| | | | | | | | If -1 was returned on the first call to read() `done` got SIZE_MAX and the function returned TRUE even though no actual random data had been allocated. Fixes #1156.
* openssl: Explicitly include openssl/bn.hTobias Brunner2015-09-165-0/+5
| | | | | | | | If OpenSSL is compiled with OPENSSL_NO_DEPRECATED some of the headers we include don't include openssl/bn.h anymore. Therefore, we have to explicitly include it ourselves where we use BN_* functions. Fixes #1113.
* Fixed some typos, courtesy of codespellTobias Brunner2015-08-271-1/+1
|
* Fix some Doxygen issuesTobias Brunner2015-08-271-1/+1
|
* plugin-feature: Add vendor specific EAP method registration macrosTobias Brunner2015-08-172-8/+18
| | | | | | | | | | | Vendor specific EAP methods may be registered with: PLUGIN_CALLBACK(eap_method_register, <constructor>), PLUGIN_PROVIDE(EAP_SERVER_VENDOR, <type>, <vendor>), Same for client implementations via EAP_PEER_VENDOR. References #969.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 21:00:21 +0000