| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Also adds several missing ones.
|
| |
|
|
|
|
|
|
|
| |
The salt, or often called implicit nonce, varies between AEAD algorithms and
their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses
3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM.
Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine
until we go for CCM mode support in TLS, which requires 4 byte nonces.
|
| |
|
|
| |
Fixes evaluation of ikev2/ocsp-untrusted-cert.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To avoid considering each cached OCSP response and evaluating its trustchain,
we limit the certificates considered for OCSP signing to:
- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint
The first two options cover the requirements from RFC 6960 2.6. For
compatibility with non-conforming CAs, we allow the third option as exception,
but require the installation of such certificates locally.
|
| |
|
|
|
|
|
|
|
|
| |
This behavior was introduced with 6840a6fb to avoid key/signature strength
checking for the revocation trustchain as we do it for end entity certificates.
Unfortunately this breaks CA constraint checking under certain conditions, as
we merge additional intermediate/CA certificates to the auth config.
As key/signature strength checking of the revocation trustchain is a rather
exotic requirement we drop support for that to properly enforce CA constraints.
|
| |
|
|
|
| |
This allows using const strings etc. for lookups without cast. And keys
are not modifiable anyway.
|
| |
|
|
|
| |
Simply using the pointer is not optimal for our hash table
implementation, which simply masks the key to determine the bucket.
|
| |
|
|
|
| |
More specific decoders might still be needed, but the x509
plugin should not care which ones.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
|
| |
|
|
|
| |
This allows us to find attribute certificates for a subject certificate in
credential sets.
|
| |
|
|
|
|
|
| |
While there is no widely used PEM header for attribute certificates, at least
IAIK-JCE uses BEGIN ATTRIBUTE CERTIFICATE:
http://javadoc.iaik.tugraz.at/iaik_jce/current/iaik/utils/Util.html#toPemString(iaik.x509.attr.AttributeCertificate)
|
| | |
|
| |
|
|
|
| |
The ietf_attributes_t class is used for attribute certificates only these days,
and integrating them to x509_ac_t simplifies things significantly.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
In case of sizeof(void*) == 8 and sizeof(int) == 4 on big-endian hosts
the tests failed as the actual integer value got cut off.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.
|
| | |
|
| |
|
|
|
|
|
|
| |
The Blowfish and Twofish implementations provided by the gcrypt plugin
only support specific key lengths, which we don't know when testing
against vectors (either during unit tests or during algorithm
registration). The on_create test with a specific key length will be
skipped anyway, so there is no point in treating this failure differently.
|
| |
|
|
|
| |
The TESTS_VERBOSITY option takes an integer from -1 to 4 that sets the
default debug level.
|
| |
|
|
|
| |
The TESTS_SUITES environment variable can contain a comma separated list
of names of test suites to run.
|
| |
|
|
|
|
|
|
| |
Previously, the {ns}.crypto_test.on_add option had to be enabled to
actually test the algorithms, which we can't enforce for the tests in
the test_runner as the option is already read when the crypto factory
is initialized. Even so, we wouldn't want to do this for every unit
test, which would be the result of enabling that option.
|
| | |
|
| |
|
|
|
| |
This makes the tests work with clang, which does not implement said
builtin.
|
| | |
|
| |
|
|
| |
This avoids any clashes with existing functions in the monolithic build.
|
| |
|
|
|
|
|
|
| |
Because GCC does not adhere to the priorities defined for constructors
when building with --enable-monolithic (not sure if it was just luck
that it worked in non-monolithic mode - anyway, it's not very portable)
function registration would fail because the hashtable would not be
created yet.
|
| | |
|
| |
|
|
|
|
|
|
| |
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes #549.
|
| |
|
|
|
|
|
| |
Memory beyond the end of the array was moved when array elements in the
second half of an array were removed.
Fixes #548.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Closes #539.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
constructors and built some unit tests for the latter)
|
| | |
|
| | |
|
