aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/openssl/openssl_plugin.c
Commit message (Collapse)AuthorAgeFilesLines
* openssl: Add support for verifying RSASSA-PSS signaturesTobias Brunner2017-11-081-0/+1
|
* openssl: Add support for creating RSASSA-PSS signaturesTobias Brunner2017-11-081-0/+3
|
* openssl: Also load EC keys from an ENGINETobias Brunner2017-11-021-4/+150
|
* openssl: Add a generic private key loaderTobias Brunner2016-10-051-2/+52
|
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-221-8/+8
|
* openssl: Update initialization and cleanup for OpenSSL 1.1.0Tobias Brunner2016-06-291-7/+17
| | | | | | We can't call OPENSSL_cleanup() as that would prevent us from re-initializing the library again (which we use in the Android app, that loads/unloads plugins).
* openssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacksTobias Brunner2016-06-291-0/+13
|
* openssl: BoringSSL does not support configurationTobias Brunner2016-04-151-0/+4
| | | | | The other initialization functions are still defined but many are apparently no-ops (this is also true for the threading initialization).
* 128 bit default security strength for IKE and ESP algorithmsAndreas Steffen2015-12-171-19/+19
| | | | | | | | | | | | | | | | | The default ESP cipher suite is now AES_CBC-128/HMAC_SHA2_256_128 and requires SHA-2 HMAC support in the Linux kernel (correctly implemented since 2.6.33). The default IKE cipher suite is now AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 if the openssl plugin is loaded or AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 if ECC is not available. The use of the SHA-1 hash algorithm and the MODP_2048 DH group has been deprecated and ENCR_CHACHA20_POLY1305 has been added to the default IKE AEAD algorithms.
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-141-4/+4
|
* curl: For SSL features, depend on thread-safety provided by our crypto pluginsMartin Willi2014-09-241-0/+2
| | | | | | | | | To use SSL in curl, we need to initialize the SSL library in a thread-safe manner and provide the appropriate callbacks. As we already do that in our crypto plugins using these libraries, we depend on these features. This implies that we need the same plugin enabled (openssl, gcrypt) as the curl backend is configured to use to fetch from HTTPS URIs.
* openssl: Don't re-enter FIPS mode if we are already using itMartin Willi2014-06-041-2/+3
| | | | | | If FIPS mode has been enabled by other means, under some environments it can't be entered again. It fails with "FIPS mode already set". To avoid it, we first check the mode before changing it.
* openssl: Be less verbose about FIPS mode when not running as daemonMartin Willi2014-06-041-2/+2
| | | | | While this is valuable information, printing it for pki and other tools is annoying.
* openssl: Fix includes to prevent <winsock2.h> to complain about include orderMartin Willi2014-06-041-6/+6
|
* lib: All settings use configured namespaceTobias Brunner2014-02-121-1/+1
|
* openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSLTobias Brunner2013-10-171-0/+4
| | | | OpenSSL does not include them in releases before 1.0.2.
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required ↵Tobias Brunner2013-10-111-3/+3
| | | | for IKEv2 anyway
* openssl: Properly log FIPS mode when enabled via openssl.confTobias Brunner2013-09-271-5/+13
| | | | | | | | | Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf it should be disabled in strongswan.conf (or the other way around). Either way, we should log whether FIPS mode is enabled or not. References #412.
* openssl: Only warn about unavailable FIPS mode if the user requested itTobias Brunner2013-05-081-1/+1
|
* openssl: Cleanup thread specific error bufferTobias Brunner2013-05-081-5/+38
|
* openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0Tobias Brunner2013-05-081-17/+29
|
* openssl: Add PKCS#12 parsing via OpenSSLTobias Brunner2013-05-081-0/+3
|
* openssl: Properly cleanup OpenSSL libraryTobias Brunner2013-05-081-2/+7
|
* Add support for untruncated HMAC-SHA-512Tobias Brunner2013-05-081-0/+1
|
* openssl: Define a default for FIPS_MODETobias Brunner2013-05-031-0/+4
|
* support of OpenSSL FIPS-140-2 libraryAndreas Steffen2013-04-161-0/+19
|
* openssl: The EVP GCM interface requires at least OpenSSL 1.0.1Tobias Brunner2013-03-011-0/+2
|
* openssl: Provide AES-GCM implementationTobias Brunner2013-02-281-0/+14
|
* openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8gTobias Brunner2013-02-201-1/+2
| | | | Fixes #292.
* Add a stub for OpenSSL PKCS#7 parsingMartin Willi2012-12-191-0/+5
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-241-1/+1
|
* openssl: Fix registration of the PUBKEY builderTobias Brunner2012-08-181-1/+1
| | | | | libtls drops support for RSA suites if it does not find an RSA backend (final builder for RSA public keys).
* Check rng return value when seeding OpenSSL RNGTobias Brunner2012-07-161-1/+5
|
* openssl: Ensure the thread ID is never zeroTobias Brunner2012-07-031-1/+3
| | | | | | This might otherwise cause problems because OpenSSL tries to lock mutexes recursively if it assumes the lock is held by a different thread e.g. during FIPS initialization.
* Use simple wrappers for HMAC based PRF and signer in openssl pluginTobias Brunner2012-06-251-2/+1
|
* Adding OpenSSL HMAC signer functions to openssl pluginAleksandr Grinberg2012-06-251-0/+20
|
* Adding OpenSSL HMAC pseudo random functions to openssl pluginAleksandr Grinberg2012-06-251-0/+17
|
* Adding OpenSSL random number functions to openssl pluginAleksandr Grinberg2012-06-251-0/+4
|
* Certificate decoding soft-depends on public key decoding of specific typesMartin Willi2012-05-021-0/+3
|
* Fixed AES key length in openssl pluginMartin Willi2011-10-141-2/+2
|
* Announce openssl features only if actually supportedMartin Willi2011-10-141-16/+64
|
* Add features support to openssl pluginMartin Willi2011-10-141-141/+118
|
* Added a (not yet implemented) plugin_t method to reload plugin configurationMartin Willi2011-04-151-0/+1
|
* Added a get_name() function to plugin_t, create_plugin_enumerator enumerates ↵Martin Willi2011-04-151-38/+43
| | | | over plugin_t
* trace back crypto algorithms to the plugins that registered themAndreas Steffen2010-12-181-36/+38
|
* Added missing include for RAND_seed and RAND_status.Tobias Brunner2010-10-211-0/+1
|
* Added a final flag to builder registration to enumerate the actually ↵Martin Willi2010-09-031-10/+10
| | | | supported algorithms
* Added support for MODP_CUSTOM to openssl pluginMartin Willi2010-09-031-0/+2
|
* Use a seperate section for each nested struct member in INIT macroMartin Willi2010-08-181-1/+5
|
* Double check that the OpenSSL RNG has been seeded, do so otherwiseMartin Willi2010-08-111-0/+33
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 22:25:08 +0000