aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
...
* curve22519: Add a portable backend implemented in plain CMartin Willi2016-11-144-0/+647
|
* curve25519: Add a plugin providing Curve25519 DH using backend driversMartin Willi2016-11-148-0/+469
|
* test-vectors: Add a Curve25519 DH test vectorMartin Willi2016-11-143-0/+36
|
* proposal: Add a curve25519 proposal keywordMartin Willi2016-11-141-0/+1
|
* diffie-hellman: Add DH group identifiers for Curve25519 and Curve448Martin Willi2016-11-142-3/+14
|
* Fixed in-place update of cached base and delta CRLsAndreas Steffen2016-10-301-4/+4
|
* Newer CRLs replace older versions of the CRL in the cacheAndreas Steffen2016-10-261-0/+39
|
* added XOF dependencies of bliss and ntru pluginsAndreas Steffen2016-10-182-4/+26
|
* newhope: Fix Doxygen group nameTobias Brunner2016-10-141-1/+1
|
* libnttfft: Fix Doxygen groupTobias Brunner2016-10-141-1/+3
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-10-141-2/+2
|
* newhope: Properly release allocated arrays if RNG can't be createdTobias Brunner2016-10-141-8/+8
|
* mem-cred: Support storing a delta CRL together with its baseTobias Brunner2016-10-111-8/+30
| | | | | | | | | | | | So far every "newer" CRL (higher serial or by date) replaced an existing "older" CRL. This meant that delta CRLs replaced an existing base CRL and that base CRLs weren't added if a delta CRL was already stored. So the base had to be re-fetched every time after a delta CRL was added. With this change one delta CRL to the latest base may be stored. A newer delta CRL will replace an existing delta CRL (but not its base, older base CRLs are removed, though). And a newer base will replace the existing base and optional delta CRL.
* revocation: Cache valid CRL also if certificate is revokedTobias Brunner2016-10-111-10/+25
|
* openssl: Fix AES-GCM with BoringSSLTobias Brunner2016-10-111-3/+3
| | | | | | | | BoringSSL only supports a limited list of (hard-coded) algorithms via EVP_get_cipherbyname(), which does not include AES-GCM. While BoringSSL deprecated these functions they are also supported by OpenSSL (in BoringSSL a completely new interface for AEADs was added, which OpenSSL currently does not support).
* android: MGF1 implementation was moved to a pluginTobias Brunner2016-10-111-2/+1
| | | | Fixes: 188b190a70c9 ("mgf1: Refactored MGF1 as an XOF")
* ldap: Fix crash in case of empty LDAP response for CRL fetchYannick CANN2016-10-061-2/+1
| | | | | | | | | In case of an empty LDAP result during a CRL fetch (for example, due to a wrong filter attribute in the LDAP URI, or invalid LDAP configuration), the call to ldap_result2error() with NULL value for "entry" lead to a crash. Closes strongswan/strongswan#52.
* openssl: Add a generic private key loaderTobias Brunner2016-10-057-18/+129
|
* pkcs1: Support building of KEY_ANY private keysTobias Brunner2016-10-052-5/+73
| | | | | We try to detect the type of key by parsing the basic structure of the passed ASN.1 blob.
* pkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyIdRaphael Geissert2016-10-041-4/+152
| | | | | | | | | | | | | | charon-nm fails to find the private key when its CKA_ID doesn't match the subjectKeyIdentifier of the X.509 certificate. In such cases, the private key builder now falls back to enumerating all the certificates, looking for one that matches the supplied subjectKeyIdentifier. It then uses the CKA_ID of that certificate to find the corresponding private key. It effectively means that PKCS#11 tokens where the only identifier to relate the certificate, the public key, and the private key is the CKA_ID are now supported by charon-nm. Fixes #490.
* watcher: Avoid allocations due to enumeratorsTobias Brunner2016-10-041-37/+83
| | | | | Since the FD set could get rebuilt quite often this change avoids having to allocate memory just to enumerate the registered FDs.
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-2217-147/+240
|
* bliss sampler unit-test: Fixed enumeration typeAndreas Steffen2016-09-221-2/+2
|
* bliss: bliss_sampler expects XOF typeAndreas Steffen2016-09-221-4/+3
|
* unit-tests: MGF1 tests depend on an XOF implementation not just a hash functionTobias Brunner2016-09-211-2/+2
| | | | | If the mgf1 plugin was not enabled (e.g. with the default configure options) the tests failed.
* mgf1: Refactored MGF1 as an XOFAndreas Steffen2016-09-2130-615/+928
|
* leak-detective: Fix compile warning due to unused variable if LD is disabledTobias Brunner2016-09-201-1/+1
|
* leak-detective: Whitelist thread ID getterTobias Brunner2016-09-201-1/+3
| | | | | | | | In case an external thread calls into our code and logs messages, a thread object is allocated that will never be released. Even if we try to clean up the object via thread value destructor there is no guarantee that the thread actually terminates before we check for leaks, which seems to be the case for the Ada Tasking threads.
* leak-detective: Whitelist functions of the Ada runtime related to TaskingTobias Brunner2016-09-201-0/+4
|
* leak-detective: Whitelist some glib/libsoup functionsTobias Brunner2016-09-201-1/+13
| | | | | | Some of these are pretty broad, so maybe an alternative option is to not use the soup plugin in the openssl-ikev2/rw-suite-b* scenarios. But the plugin is not tested anywhere else so lets go with this for now.
* unbound: Avoid unnecessary cloning of RR list that caused a memory leakTobias Brunner2016-09-201-2/+1
|
* unbound: Fix memory leakTobias Brunner2016-09-201-0/+2
|
* leak-detective: Whitelist leak in libldapTobias Brunner2016-09-201-0/+2
|
* leak-detective: Optionally write report to a log fileTobias Brunner2016-09-201-10/+36
|
* auth-cfg-wrapper: Fix memory leak with hash-and-URL certificatesTobias Brunner2016-09-121-1/+1
| | | | | | | We wrap the auth-cfg object and its contents, so there is no need to get an additional reference for the enumerated certificate. Fixes a44bb9345f04 ("merged multi-auth branch back into trunk")
* padlock: Use builtin bswap32() to fix compilation on FreeBSDTobias Brunner2016-08-311-6/+5
| | | | Fixes #591.
* proposal: Use proper list to get function pointer when adding custom parserThomas Egerer2016-08-291-1/+1
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* android: Add missing xof.c fileTobias Brunner2016-08-291-0/+1
| | | | Fixes #2093.
* xof: Add header to dev headersTobias Brunner2016-08-291-1/+2
|
* utils: Fix definition of BYTE_ORDER with MinGWTobias Brunner2016-08-241-1/+5
|
* unit-tests: Removed unused variableAndreas Steffen2016-08-111-2/+0
|
* unit-tests: Created newhope unit-testsAndreas Steffen2016-08-109-7/+1338
|
* Created newhope plugin implementing the New Hope key exchange algorithmAndreas Steffen2016-08-1013-1/+1347
|
* xof: Added ChaCha20 stream as XOFAndreas Steffen2016-08-069-3/+311
|
* utils: Defined uletoh16() and htole16()Andreas Steffen2016-08-061-0/+42
|
* integrity-test: Added ntru_param_sets to read-only segmentAndreas Steffen2016-07-297-36/+96
|
* integrity-test: Added bliss_param_sets to read-only segmentAndreas Steffen2016-07-2914-63/+68
|
* integrity-test: check code and ro segments of libnttfftAndreas Steffen2016-07-297-32/+46
|
* Created libnttfftAndreas Steffen2016-07-2919-121/+258
| | | | | This makes Number Theoretic Transforms (NTT) based on the efficient Fast-Fourier-Transform (FFT) available to multiple plugins.
* Share twiddle factors table between 512 and 1024 point FFTAndreas Steffen2016-07-293-134/+14
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-31 13:52:51 +0000