aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/openssl
Commit message (Collapse)AuthorAgeFilesLines
* android: Use non-aliased cipher identifiersTobias Brunner2016-06-131-12/+12
| | | | | | Some of these are also understood by BoringSSL. Fixes #1510.
* openssl: BoringSSL does not support configurationTobias Brunner2016-04-151-0/+4
| | | | | The other initialization functions are still defined but many are apparently no-ops (this is also true for the threading initialization).
* openssl: The member storing the DH exponent length has been renamed in BoringSSLTobias Brunner2016-04-151-0/+4
|
* openssl: Use proper EVP macro to determine size of a hashTobias Brunner2016-04-152-2/+2
|
* Use standard unsigned integer typesAndreas Steffen2016-03-245-6/+6
|
* 128 bit default security strength for IKE and ESP algorithmsAndreas Steffen2015-12-171-19/+19
| | | | | | | | | | | | | | | | | The default ESP cipher suite is now AES_CBC-128/HMAC_SHA2_256_128 and requires SHA-2 HMAC support in the Linux kernel (correctly implemented since 2.6.33). The default IKE cipher suite is now AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 if the openssl plugin is loaded or AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 if ECC is not available. The use of the SHA-1 hash algorithm and the MODP_2048 DH group has been deprecated and ENCR_CHACHA20_POLY1305 has been added to the default IKE AEAD algorithms.
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-141-4/+4
|
* openssl: Explicitly include openssl/bn.hTobias Brunner2015-09-165-0/+5
| | | | | | | | If OpenSSL is compiled with OPENSSL_NO_DEPRECATED some of the headers we include don't include openssl/bn.h anymore. Therefore, we have to explicitly include it ourselves where we use BN_* functions. Fixes #1113.
* openssl: Don't refer to EVP_des_ecb() if OpenSSL is built without DES supportTobias Brunner2015-04-171-0/+2
| | | | | | While DES-ECB is not registered by the plugin in this case (so the function will never actually be called), the compiler still warns about the implicitly declared function.
* openssl: Support setting ECDH private valuesMartin Willi2015-04-151-0/+44
|
* openssl: Support setting private Diffie-Hellman valuesMartin Willi2015-04-151-0/+13
|
* utils: Use chunk_equals_const() for all cryptographic purposesMartin Willi2015-04-142-2/+2
|
* openssl: Don't pre-initialize OpenSSL HMAC with an empty keyMartin Willi2015-04-131-6/+16
| | | | | | | | | | With OpenSSL commit 929b0d70c19f60227f89fac63f22a21f21950823 setting an empty key fails if no previous key has been set on that HMAC. In 9138f49e we explicitly added the check we remove now, as HMAC_Update() might crash if HMAC_Init_ex() has not been called yet. To avoid that, we set and check a flag locally to let any get_mac() call fail if set_key() has not yet been called.
* diffie-hellman: Verify public DH values in backendsMartin Willi2015-03-232-0/+10
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-232-5/+7
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-232-2/+4
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-232-6/+6
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* openssl: Return the proper IV length for OpenSSL cryptersTobias Brunner2015-02-231-1/+1
| | | | | | | For instance, the NULL cipher has a block size of 1 but an IV length of 0. Fixes #854.
* crypto: Define MODP_CUSTOM outside of IKE DH rangeTobias Brunner2014-12-232-2/+2
| | | | | | | | | Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221.
* curl: For SSL features, depend on thread-safety provided by our crypto pluginsMartin Willi2014-09-241-0/+2
| | | | | | | | | To use SSL in curl, we need to initialize the SSL library in a thread-safe manner and provide the appropriate callbacks. As we already do that in our crypto plugins using these libraries, we depend on these features. This implies that we need the same plugin enabled (openssl, gcrypt) as the curl backend is configured to use to fetch from HTTPS URIs.
* openssl: Report correct key length for EC keys when not using NIST curvesTobias Brunner2014-09-022-22/+2
| | | | Fixes #688.
* openssl: Don't re-enter FIPS mode if we are already using itMartin Willi2014-06-041-2/+3
| | | | | | If FIPS mode has been enabled by other means, under some environments it can't be entered again. It fails with "FIPS mode already set". To avoid it, we first check the mode before changing it.
* openssl: Be less verbose about FIPS mode when not running as daemonMartin Willi2014-06-041-2/+2
| | | | | While this is valuable information, printing it for pki and other tools is annoying.
* openssl: Fix includes to prevent <winsock2.h> to complain about include orderMartin Willi2014-06-042-6/+8
|
* openssl: Undef OpenSSLs X509_NAME defined by <wincrypt.h>Martin Willi2014-06-041-0/+6
|
* openssl: Check and link against libeay32 instead of libcrypto on WindowsMartin Willi2014-06-041-1/+1
| | | | Most Windows OpenSSL builds come with the crypto library named libeay32.
* plugins: Don't link with -rdynamic on WindowsMartin Willi2014-06-041-1/+1
|
* aead: Support custom AEAD salt sizesMartin Willi2014-03-312-2/+12
| | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* openssl: Add default fallback when calculating fingerprints of RSA keysTobias Brunner2014-03-221-1/+15
| | | | | | We still try to calculate these directly as it can avoid a dependency on the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the actual fingerprint calculation to the pgp plugin.
* lib: All settings use configured namespaceTobias Brunner2014-02-125-5/+5
|
* openssl: Verify that a peer's ECDH public value is a point on the elliptic curveTobias Brunner2013-11-191-0/+5
| | | | | This check is mandated by RFC 6989. Since we don't reuse DH secrets, it is mostly a sanity check.
* openssl: Add workaround if ECC Brainpool curves are not definedTobias Brunner2013-10-171-11/+247
|
* openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSLTobias Brunner2013-10-172-6/+51
| | | | OpenSSL does not include them in releases before 1.0.2.
* iv_gen: aead_t implementations provide an IV generatorTobias Brunner2013-10-111-0/+15
|
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required ↵Tobias Brunner2013-10-111-3/+3
| | | | for IKEv2 anyway
* openssl: Properly log FIPS mode when enabled via openssl.confTobias Brunner2013-09-271-5/+13
| | | | | | | | | Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf it should be disabled in strongswan.conf (or the other way around). Either way, we should log whether FIPS mode is enabled or not. References #412.
* openssl: Add support for generic encoding of EC public keysTobias Brunner2013-09-131-23/+13
|
* openssl: Add generic RSA public key encodingTobias Brunner2013-09-131-3/+17
|
* openssl: Add helper function to convert BIGNUMs to chunksTobias Brunner2013-09-132-0/+27
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-4/+5
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* openssl: parse X.509 extended key usage from extension parsing loopMartin Willi2013-07-181-33/+38
| | | | | Otherwise parsing gets aborted if unknown critical extensions are handled as error.
* openssl: show which critical X.509 extension is not supportedMartin Willi2013-07-181-1/+6
|
* Recognize critical IssuingDistributionPoint CRL extensionAndreas Steffen2013-07-121-0/+4
|
* openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strongMartin Willi2013-07-041-9/+6
| | | | For our purposes with RNG_WEAK this is fine, so accept a zero return value.
* openssl: add support for IP addr blocks in X.509 certificatesMichael Rossberg2013-05-241-1/+115
|
* openssl: Only warn about unavailable FIPS mode if the user requested itTobias Brunner2013-05-081-1/+1
|
* openssl: Cleanup thread specific error bufferTobias Brunner2013-05-081-5/+38
|
* openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0Tobias Brunner2013-05-081-17/+29
|
* openssl: Add PKCS#12 parsing via OpenSSLTobias Brunner2013-05-084-0/+307
|
* openssl: Properly cleanup OpenSSL libraryTobias Brunner2013-05-081-2/+7
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 18:34:47 +0000