aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
...
* Implemented FFT with n = 1024 and q = 11289 using Montgomery arithmeticAndreas Steffen2016-07-293-8/+495
|
* bliss: Implemented FFT with fast Montgomery arithmeticAndreas Steffen2016-07-298-102/+294
|
* xof: Implemented SHAKE128 and SHAKE256 Extended Output FunctionsAndreas Steffen2016-07-2911-415/+1293
|
* xof: Defined Extended Output FunctionsAndreas Steffen2016-07-2912-5/+520
|
* Added SHA-3 signature OIDsAndreas Steffen2016-07-261-1/+10
|
* unit-tests: Decreased loop count of FFT speed test to 10'000Andreas Steffen2016-07-221-1/+1
|
* unit-tests: Added bliss_fft_speed testAndreas Steffen2016-07-221-1/+42
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-07-041-1/+1
|
* plugin-loader: Allow selective modification of the default plugin listTobias Brunner2016-06-291-10/+24
| | | | | | | This change allows selectively modifying the default plugin list by setting the `load` setting of individual plugins (e.g. to disable them or to change their priority) without enabling charon.load_modular and having to configure a section and a load statement for every plugin.
* leak-detective: Try to properly free allocations after deinitializationTobias Brunner2016-06-291-0/+13
| | | | | | | | If a function we whitelist allocates memory while leak detective is enabled but only frees it after LD has already been disabled, free() will get called with invalid pointers (not pointing to the actually allocated memory by LD), which will cause checks in the C library to fail and the program to crash. This tries to detect such cases and calling free with the correct pointer.
* openssl: Whitelist OPENSSL_init_crypto() and others in leak detectiveTobias Brunner2016-06-291-0/+4
| | | | | | | | | Lots of static data is allocated in this function, which isn't freed until the library is unloaded (we can't call OPENSSL_cleanup() as initialization would fail when calling it again later). When enabling the leak detective the test runner eventually crashes as all the data allocated during initialization has an invalid size when freed after leak detective has been unloaded.
* openssl: Update GCM/crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-13/+13
|
* openssl: Update HMAC API to OpenSSL 1.1.0Tobias Brunner2016-06-291-9/+25
|
* openssl: Don't use deprecated RAND_pseudo_bytes()Tobias Brunner2016-06-291-7/+0
|
* openssl: Update PKCS#12 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-1/+5
|
* openssl: Update PKCS#7 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-3/+7
|
* openssl: Update CRL API to OpenSSL 1.1.0Tobias Brunner2016-06-291-7/+42
| | | | | | There is currently no way to compare the outer and inner algorithms encoded in a parsed CRL. X509_CRL_verify() does not seem to check that either, though (unlike X509_verify()).
* openssl: Update x509 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-12/+48
|
* openssl: Update ECDSA API to OpenSSL 1.1.0Tobias Brunner2016-06-292-5/+24
|
* openssl: Update RSA API to OpenSSL 1.1.0Tobias Brunner2016-06-292-16/+52
|
* openssl: Make some utilities take const BIGNUM pointersTobias Brunner2016-06-292-4/+6
|
* openssl: Add macro to define fallback functions for non-opaque OpenSSL versionsTobias Brunner2016-06-291-0/+38
|
* openssl: Update DH API to OpenSSL 1.1.0Tobias Brunner2016-06-291-11/+41
|
* openssl: Update crypter API to OpenSSL 1.1.0Tobias Brunner2016-06-291-12/+17
| | | | | EVP_CIPHER and EVP_CIPHER_CTX are now opaque types, the getters already existed before.
* openssl: Fix mapping from ASN1 to chunk_t with OpenSSL 1.1.0Tobias Brunner2016-06-291-1/+7
| | | | ASN1_OBJECT is now opaque.
* openssl: Update initialization and cleanup for OpenSSL 1.1.0Tobias Brunner2016-06-291-7/+17
| | | | | | We can't call OPENSSL_cleanup() as that would prevent us from re-initializing the library again (which we use in the Android app, that loads/unloads plugins).
* openssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacksTobias Brunner2016-06-291-0/+13
|
* proposal: Parse modpnone as MODP_NONE(0)Tobias Brunner2016-06-171-0/+1
|
* crypto-factory: Stop after successfully creating one nonce generatorTobias Brunner2016-06-171-0/+4
| | | | Fixes: e2fc09c186c3 ("Add nonce generator interface")
* unit-tests: Defining TESTS_RUNNERS allows to only run specific test runnersTobias Brunner2016-06-172-1/+33
|
* leak-detective: Make sure to actually call malloc() from calloc() hookTobias Brunner2016-06-151-3/+4
| | | | | | | | Newer versions of GCC are too "smart" and replace a call to malloc(X) followed by a call to memset(0,X) with a call co calloc(), which obviously results in an infinite loop when it does that in our own calloc() implementation. Using `volatile` for the variable storing the total size prevents the optimization and we actually call malloc().
* leak-detective: Whitelist __fprintf_chk as seen on newer systemsTobias Brunner2016-06-151-0/+1
|
* configure: Check for and explicitly link against -latomicMartin Willi2016-06-142-2/+4
| | | | | Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explcily link it.
* android: Use non-aliased cipher identifiersTobias Brunner2016-06-131-12/+12
| | | | | | Some of these are also understood by BoringSSL. Fixes #1510.
* ipsec: Add function to compare two ipsec_sa_cfg_t instancesTobias Brunner2016-06-082-0/+25
| | | | | | memeq() is currently used to compare these but if there is padding that is not initialized the same for two instances the comparison fails. Using this function ensures the objects are compared correctly.
* identification: Compare identity types when comparing ID_FQDN/ID_RFC822_ADDR ↵Tobias Brunner2016-06-061-3/+4
| | | | | | identities References #1380.
* x509: Properly wrap keyid in authorityKeyIdentifier in attribute certificatesTobias Brunner2016-06-061-1/+2
| | | | | | | The correct encoding got lost in bdec2e4f5291 ("refactored openac and its attribute certificate factory"). Fixes #1370.
* af-alg: Silently skip probing algorithms if AF_ALG is not supportedMartin Willi2016-05-191-0/+19
| | | | | | If the af-alg plugin is enabled, but kernel support is missing, we get an error line during startup for each probed algorithm. This is way too verbose, so just skip probing if AF_ALG is unsupported.
* mem-cred: Fix memory leak when replacing existing CRLsTobias Brunner2016-05-111-0/+1
| | | | Fixes #1442.
* identification: Add support for dmdName RDN (2.5.4.54)Yannick Cann2016-04-253-0/+5
| | | | | | | It's listed in RFC 2256 but was later removed with RFC 4519, but there are still some certs that use it. Closes strongswan/strongswan#43.
* leak-detective: added _IO_file_doallocate to whitelistAndreas Steffen2016-04-241-0/+1
|
* curl: Add TLS support if libcurl is built against BoringSSLTobias Brunner2016-04-151-1/+2
| | | | | We don't have to rely on the openssl plugin and its threading initialization as BoringSSL is thread-safe out of the box.
* openssl: BoringSSL does not support configurationTobias Brunner2016-04-151-0/+4
| | | | | The other initialization functions are still defined but many are apparently no-ops (this is also true for the threading initialization).
* openssl: The member storing the DH exponent length has been renamed in BoringSSLTobias Brunner2016-04-151-0/+4
|
* openssl: Use proper EVP macro to determine size of a hashTobias Brunner2016-04-152-2/+2
|
* curl: Handle LibreSSL like OpenSSL in regards to multi-threadingTobias Brunner2016-04-151-1/+1
| | | | | LibreSSL is API compatible so our openssl plugin does not need any changes and it works fine with the curl plugin.
* thread: Don't hold mutex when calling cleanup handlers while terminatingTobias Brunner2016-04-131-12/+14
| | | | | | | | | | This could interfere with cleanup handlers that try to acquire mutexes while other threads holding these try to e.g. cancel the threads. As cleanup handlers are only queued by the threads themselves we don't need any synchronization to access the list. Fixes #1401.
* pkcs11: Skip zero-padding of r and s when preparing EC signatureTobias Brunner2016-04-051-3/+9
| | | | | | They are zero padded to fill the buffer. Fixes #1377.
* chunk: Skip all leading zero bytes in chunk_skip_zero() not just the firstTobias Brunner2016-04-042-14/+18
|
* string: Gracefully handle NULL in str*eq() macrosTobias Brunner2016-04-042-4/+82
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 06:52:34 +0000