Tobias Brunner
a70ba4d600
pkcs11: Free copied name of PKCS#11 module in error cases
2025-03-04 14:48:42 +01:00
Tobias Brunner
19ef2aec15
Update copyright headers after acquisition by secunet
2022-06-28 10:22:56 +02:00
Tobias Brunner
6537be9c8d
pkcs11: Change how unavailable attributes like CKA_TRUSTED are handled
If a PKCS#11 library/token doesn't provide one or more attributes via
C_GetAttributeValue(), we get back CKR_ATTRIBUTE_TYPE_INVALID (similar
for protected attributes where CKR_ATTRIBUTE_SENSITIVE is returned).
This is not an error as the spec demands that all attributes have been
processed with the unavailable attributes having set their length
field to CK_UNAVAILABLE_INFORMATION.
We use this to handle the CKA_TRUSTED attribute, which some tokens
apparently don't support. We previously used a version check to remove
the attribute from the call but even the latest spec doesn't make the
attribute mandatory (it's just in a list of "common" attributes for
CKO_CERTIFICATE objects, without a default value), so there are current
tokens that don't support it and prevent us from enumerating certificates.
2021-06-14 13:58:48 +02:00
Michał Skalski
f30187d422
pkcs11: Fix build on Windows
Windows provides CreateMutexA/W with an alias called CreateMutex that
selects one of the other two based on the UNICODE constant.
2021-01-25 15:16:12 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
45c8399d78
Add missing strings to several enum string definitions
2019-10-28 14:26:32 +01:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
robinleander
826b4232d3
pkcs11: Use unused return value of C_GetMechanismList
Closes strongswan/strongswan#96.
2018-03-29 17:18:27 +02:00
Tobias Brunner
95a63bf281
Migrate all enumerators to venumerate() interface change
2017-05-26 13:56:44 +02:00
Tobias Brunner
4aab3153a4
pkcs11: Properly handle EC_POINTs returned as ASN.1 octet string
This is the correct encoding but we internally only use unwrapped keys
and some tokens return them unwrapped.
Fixes #872.
2015-03-09 15:36:07 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
ca1c2ee281
Copy the name of pkcs11_library_t objects
Strings returned by settings_t.create_section_enumerator will be freed
when the config is reloaded.
2012-10-18 14:42:09 +02:00
Tobias Brunner
c198525104
pkcs11: Function added to retrieve multiple attributes from a single object.
2011-11-02 20:27:54 +01:00
Tobias Brunner
8531106578
pkcs11: Method added to library to extract a single attribute from an object.
2011-10-31 18:45:36 +01:00
Tobias Brunner
6a5020fc67
pkcs11: Added names for CKA_* constants.
2011-10-31 18:45:36 +01:00
Tobias Brunner
df241121fd
pkcs11: Error message fixed.
2011-10-31 18:45:35 +01:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi
ea90042233
Provide recursive mutex' just in case the PKCS#11 library requires it
2011-06-01 12:03:44 +02:00
Martin Willi
b78ca4b04c
Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
2010-11-18 08:56:12 +01:00
Martin Willi
cfa18d14f1
Use static args for C_Initialize(), OpenSC does not get a copy of the pointers
2010-11-18 08:44:22 +01:00
Martin Willi
9cda39923e
Added a PKCS#11 module option to enforce OS Locking functions
2010-11-12 16:14:03 +01:00
Martin Willi
59df2d2a6f
Add flags for PKCS#11 libraries with reduced feature set
2010-11-10 18:36:15 +01:00
Martin Willi
5a27bf8ad8
Provide a public PKCS#11 mechanism enumerator
2010-08-04 09:26:21 +02:00
Martin Willi
d007ce3206
Extended the PKCS#11 object enumerator by attribute retrieval
2010-08-04 09:26:20 +02:00
Martin Willi
9baa41c52d
Implemented a generic PKCS#11 object enumerator
2010-08-04 09:26:20 +02:00
Martin Willi
66033012c9
Reenabled dlclose
2010-08-04 09:26:20 +02:00
Martin Willi
a6d2ec331b
Implemented a credential set on top of a PKCS#11 token
2010-08-04 09:26:20 +02:00
Martin Willi
75451ac8ba
Add enum names for CK_MECHANISM_TYPE constants
2010-08-04 09:26:19 +02:00
Martin Willi
b3b0e57cb1
Make the PKCS#11 padding string trimming public, add null terminator
2010-08-04 09:26:19 +02:00
Martin Willi
71151d3c1b
Added a getter for the library alias
2010-08-04 09:26:19 +02:00
Martin Willi
50e1a710ea
Use locking, prefer our mutex abstraction layer
2010-08-04 09:26:19 +02:00
Martin Willi
a6456dd640
Added enum names for PKCS#11 return values
2010-08-04 09:26:19 +02:00
Martin Willi
34454dc39e
Implemented an abstraction layer for PKCS#11 module loading
2010-08-04 09:26:19 +02:00