path: root/src/libstrongswan/plugins/openssl
Commit message | Author | Age | Files | Lines
* lib: All settings use configured namespace | Tobias Brunner | 2014-02-12 | 5 | -5/+5
* openssl: Verify that a peer's ECDH public value is a point on the elliptic curve | Tobias Brunner | 2013-11-19 | 1 | -0/+5
  This check is mandated by RFC 6989. Since we don't reuse DH secrets, it is mostly a sanity check.
* openssl: Add workaround if ECC Brainpool curves are not defined | Tobias Brunner | 2013-10-17 | 1 | -11/+247
* openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSL | Tobias Brunner | 2013-10-17 | 2 | -6/+51
  OpenSSL does not include them in releases before 1.0.2.
* iv_gen: aead_t implementations provide an IV generator | Tobias Brunner | 2013-10-11 | 1 | -0/+15
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required for IKEv2 anyway | Tobias Brunner | 2013-10-11 | 1 | -3/+3
* openssl: Properly log FIPS mode when enabled via openssl.conf | Tobias Brunner | 2013-09-27 | 1 | -5/+13
  Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf it should be disabled in strongswan.conf (or the other way around). Either way, we should log whether FIPS mode is enabled or not. References #412.
* openssl: Add support for generic encoding of EC public keys | Tobias Brunner | 2013-09-13 | 1 | -23/+13
* openssl: Add generic RSA public key encoding | Tobias Brunner | 2013-09-13 | 1 | -3/+17
* openssl: Add helper function to convert BIGNUMs to chunks | Tobias Brunner | 2013-09-13 | 2 | -0/+27
* automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -4/+5
  INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* openssl: parse X.509 extended key usage from extension parsing loop | Martin Willi | 2013-07-18 | 1 | -33/+38
  Otherwise parsing gets aborted if unknown critical extensions are handled as error.
* openssl: show which critical X.509 extension is not supported | Martin Willi | 2013-07-18 | 1 | -1/+6
* Recognize critical IssuingDistributionPoint CRL extension | Andreas Steffen | 2013-07-12 | 1 | -0/+4
* openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong | Martin Willi | 2013-07-04 | 1 | -9/+6
  For our purposes with RNG_WEAK this is fine, so accept a zero return value.
* openssl: add support for IP addr blocks in X.509 certificates | Michael Rossberg | 2013-05-24 | 1 | -1/+115
* openssl: Only warn about unavailable FIPS mode if the user requested it | Tobias Brunner | 2013-05-08 | 1 | -1/+1
* openssl: Cleanup thread specific error buffer | Tobias Brunner | 2013-05-08 | 1 | -5/+38
* openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0 | Tobias Brunner | 2013-05-08 | 1 | -17/+29
* openssl: Add PKCS#12 parsing via OpenSSL | Tobias Brunner | 2013-05-08 | 4 | -0/+307
* openssl: Properly cleanup OpenSSL library | Tobias Brunner | 2013-05-08 | 1 | -2/+7
* Add support for untruncated HMAC-SHA-512 | Tobias Brunner | 2013-05-08 | 1 | -0/+1
* openssl: Define a default for FIPS_MODE | Tobias Brunner | 2013-05-03 | 1 | -0/+4
* support of OpenSSL FIPS-140-2 library | Andreas Steffen | 2013-04-16 | 2 | -1/+20
* Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0 | Martin Willi | 2013-04-10 | 1 | -0/+14
* Check RSA_public_decrypt() length before constructing and comparing a chunk | Martin Willi | 2013-04-10 | 1 | -7/+10
  If decryption fails, it returns -1. chunk_equals() should catch that error, but be more explicit in error checking.
* RSA_check_key() may return -1 if it fails | Martin Willi | 2013-04-10 | 1 | -2/+2
* RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method | Martin Willi | 2013-04-10 | 1 | -1/+1
* Check return value of ECDSA_Verify() correctly | Martin Willi | 2013-04-10 | 1 | -1/+1
* openssl: The EVP GCM interface requires at least OpenSSL 1.0.1 | Tobias Brunner | 2013-03-01 | 2 | -0/+8
* openssl: Provide AES-GCM implementation | Tobias Brunner | 2013-02-28 | 4 | -1/+312
* openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g | Tobias Brunner | 2013-02-20 | 2 | -1/+5
  Fixes #292.
* openssl: Properly honor OPENSSL_NO_* defines | Tobias Brunner | 2013-01-31 | 7 | -5/+31
* Properly check MSB in openssl plugin's PKCS#7 implementation | Tobias Brunner | 2013-01-24 | 1 | -1/+1
* Include opensslconf.h before checking its defines | Martin Willi | 2013-01-03 | 1 | -0/+2
* Don't build OpenSSL PKCS#7 code if OPENSSL_NO_CMS defined | Martin Willi | 2013-01-03 | 1 | -0/+4
* Fix up serialNumber in openssl PKCS#7 if it has a leading MSB set | Martin Willi | 2012-12-19 | 1 | -2/+7
* Implement PKCS#7 decryption using openssl | Martin Willi | 2012-12-19 | 1 | -16/+255
* Make available wrapped certificates while verifying PKCS#7 signatures in openssl | Martin Willi | 2012-12-19 | 1 | -0/+22
* Implement openssl PKCS#7 certificate enumeration | Martin Willi | 2012-12-19 | 1 | -0/+72
* Implement get_attribute() in openssl PKCS#7 backend | Martin Willi | 2012-12-19 | 1 | -1/+35
* Implement OpenSSL PKCS#7 signed-data parsing and verification | Martin Willi | 2012-12-19 | 1 | -4/+287
* Add a stub for OpenSSL PKCS#7 parsing | Martin Willi | 2012-12-19 | 4 | -0/+172
* certificate_t.has_subject() matches for certificate serialNumber | Martin Willi | 2012-12-19 | 1 | -0/+4
* Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 11 | -11/+11
* Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 2 | -2/+2
* Make sure first argument is an int when using %.*s to print e.g. chunks | Tobias Brunner | 2012-09-28 | 1 | -1/+2
* openssl: Fix registration of the PUBKEY builder | Tobias Brunner | 2012-08-18 | 1 | -1/+1
  libtls drops support for RSA suites if it does not find an RSA backend (final builder for RSA public keys).
* Use centralized hasher names in openssl plugin | Martin Willi | 2012-07-17 | 2 | -73/+10
* Support void return values in OpenSSL 0.9.8 HMAC functions | Martin Willi | 2012-07-17 | 1 | -17/+28