aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
...
* af-alg: Fix crypt() definition conflictBaruch Siach2017-05-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | Rename the crypt() method to avoid conflict with POSIX crypt(). Fixes the following build failure with musl libc: In file included from ../../../../src/libstrongswan/utils/utils.h:53:0, from ../../../../src/libstrongswan/library.h:101, from af_alg_ops.h:24, from af_alg_ops.c:16: af_alg_ops.c:110:22: error: conflicting types for 'crypt' METHOD(af_alg_ops_t, crypt, bool, ^ ../../../../src/libstrongswan/utils/utils/object.h:99:13: note: in definition of macro 'METHOD' static ret name(union {iface *_public; this;} \ ^ In file included from af_alg_ops.c:18:0: .../host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/unistd.h:144:7: note: previous declaration of 'crypt' was here char *crypt(const char *, const char *); ^ Closes strongswan/strongswan#72.
* x509: Evaluate return codes of parsing functionsAndreas Steffen2017-05-084-52/+149
|
* Fixed some typos, courtesy of codespellTobias Brunner2017-03-232-2/+2
|
* Allow x25519 as an alias of the curve25519 KE algorithmAndreas Steffen2017-03-201-0/+1
|
* Reference Edwards-curve signature RFCsAndreas Steffen2017-03-203-17/+19
|
* utils: chunk_from_hex() skips optional 0x prefixAndreas Steffen2017-03-062-11/+18
|
* settings: Add support for hex integers (0x prefix) via get_int()Tobias Brunner2017-03-021-1/+6
|
* host: Don't log port if it is zeroTobias Brunner2017-03-022-6/+6
|
* traffic-selector: Allow calling set_address() for any traffic selectorTobias Brunner2017-02-273-48/+63
| | | | | Users may check is_host(), is_dynamic() or includes() before calling this if restrictions are required (most actually already do).
* x509: Do not mark generated addrblock extension as criticalMartin Willi2017-02-271-2/+1
| | | | | | | | | | | | | | While RFC 3779 says we SHOULD mark it is critical, this has severe side effects in practice. The addrblock extension is not widely used nor implemented, and only a few applications can handle this extension. By marking it critical, none of these applications can make use of such certificates where included addrblocks do not matter, such as TLS/HTTPS. If an application wants to make use of addrblocks, that is usually an explicit decision. Then the very same application obviously can handle addrblocks, and there is no need for the extension to be critical. In other words, for local policy checks it is a local matter to handle the extension, hence making it critical is usually not of much help.
* x509: Support encoding the RFC 3779 addrblock extensionMartin Willi2017-02-271-3/+134
|
* builder: Define a builder part for X.509 RFC 3779 address blocksMartin Willi2017-02-272-0/+3
|
* plugin-loader: Fix hashing of registered plugin featuresTobias Brunner2017-02-241-1/+1
| | | | | | | This strangely never caused any noticeable issues, but was the reason for build failures in certain test cases (mostly BLISS) due to missing plugin features when built with specific options on Travis (was not reproducible locally).
* mem-cred: Add methods to add/remove shared keys with unique identifiersTobias Brunner2017-02-162-6/+107
| | | | Also added is a method to enumerate the unique identifiers.
* mem-cred: Add method to remove a private key with a specific fingerprintTobias Brunner2017-02-162-2/+38
|
* revocation: More accurately describe the flags to disable OCSP/CRL validationTobias Brunner2017-02-151-8/+7
| | | | | | These options disable validation as such, e.g. even from cached CRLs, not only the fetching. Also made the plugin's validate() implementation a no-op if both options are disabled.
* unit-tests: Allow default test timeout to be configured via compile optionThomas Egerer2017-02-141-0/+2
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* settings: Fix purge if order differs from alphabetical orderTobias Brunner2017-02-071-1/+1
|
* libipsec: Fix Windows build via MinGWTobias Brunner2017-01-251-0/+7
| | | | Fixes #2118.
* bliss: Increase timeout for sampler unit testTobias Brunner2017-01-161-2/+2
| | | | Fixes #2204.
* android: Include ref10 subdirectory for curve25519 pluginTobias Brunner2017-01-161-0/+1
| | | | Fixes #2201.
* revocation: OCSP and/or CRL fetching can be disabledAndreas Steffen2016-12-301-38/+71
|
* Moved Ed25519 tests to libstrongswanAndreas Steffen2016-12-149-141/+27
|
* unit-tests: Completed coverage of hasher, crypter and libnttfftAndreas Steffen2016-12-143-34/+57
|
* Implemented EdDSA for IKEv2 using a pro forma Identity hash functionAndreas Steffen2016-12-145-17/+108
|
* Added Ed25519 ref10 implementation from libsodiumAndreas Steffen2016-12-1413-16/+5789
|
* Added support of EdDSA signaturesAndreas Steffen2016-12-1423-35/+857
|
* openssl: BoringSSL doesn't provide curve data for ECC Brainpool curvesTobias Brunner2016-12-101-1/+4
|
* android: Optionally build the curve25519 pluginTobias Brunner2016-12-081-0/+2
|
* android: Optionally build the chapoly pluginTobias Brunner2016-12-081-0/+2
|
* plugin-loader: Strip '!' from critical plugin names when setting pathsTobias Brunner2016-11-181-1/+1
|
* curve22519: Add a portable backend implemented in plain CMartin Willi2016-11-144-0/+647
|
* curve25519: Add a plugin providing Curve25519 DH using backend driversMartin Willi2016-11-148-0/+469
|
* test-vectors: Add a Curve25519 DH test vectorMartin Willi2016-11-143-0/+36
|
* proposal: Add a curve25519 proposal keywordMartin Willi2016-11-141-0/+1
|
* diffie-hellman: Add DH group identifiers for Curve25519 and Curve448Martin Willi2016-11-142-3/+14
|
* Fixed in-place update of cached base and delta CRLsAndreas Steffen2016-10-301-4/+4
|
* Newer CRLs replace older versions of the CRL in the cacheAndreas Steffen2016-10-261-0/+39
|
* added XOF dependencies of bliss and ntru pluginsAndreas Steffen2016-10-182-4/+26
|
* newhope: Fix Doxygen group nameTobias Brunner2016-10-141-1/+1
|
* libnttfft: Fix Doxygen groupTobias Brunner2016-10-141-1/+3
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-10-141-2/+2
|
* newhope: Properly release allocated arrays if RNG can't be createdTobias Brunner2016-10-141-8/+8
|
* mem-cred: Support storing a delta CRL together with its baseTobias Brunner2016-10-111-8/+30
| | | | | | | | | | | | So far every "newer" CRL (higher serial or by date) replaced an existing "older" CRL. This meant that delta CRLs replaced an existing base CRL and that base CRLs weren't added if a delta CRL was already stored. So the base had to be re-fetched every time after a delta CRL was added. With this change one delta CRL to the latest base may be stored. A newer delta CRL will replace an existing delta CRL (but not its base, older base CRLs are removed, though). And a newer base will replace the existing base and optional delta CRL.
* revocation: Cache valid CRL also if certificate is revokedTobias Brunner2016-10-111-10/+25
|
* openssl: Fix AES-GCM with BoringSSLTobias Brunner2016-10-111-3/+3
| | | | | | | | BoringSSL only supports a limited list of (hard-coded) algorithms via EVP_get_cipherbyname(), which does not include AES-GCM. While BoringSSL deprecated these functions they are also supported by OpenSSL (in BoringSSL a completely new interface for AEADs was added, which OpenSSL currently does not support).
* android: MGF1 implementation was moved to a pluginTobias Brunner2016-10-111-2/+1
| | | | Fixes: 188b190a70c9 ("mgf1: Refactored MGF1 as an XOF")
* ldap: Fix crash in case of empty LDAP response for CRL fetchYannick CANN2016-10-061-2/+1
| | | | | | | | | In case of an empty LDAP result during a CRL fetch (for example, due to a wrong filter attribute in the LDAP URI, or invalid LDAP configuration), the call to ldap_result2error() with NULL value for "entry" lead to a crash. Closes strongswan/strongswan#52.
* openssl: Add a generic private key loaderTobias Brunner2016-10-057-18/+129
|
* pkcs1: Support building of KEY_ANY private keysTobias Brunner2016-10-052-5/+73
| | | | | We try to detect the type of key by parsing the basic structure of the passed ASN.1 blob.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-21 04:16:08 +0000