aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/openssl
Commit message (Collapse)AuthorAgeFilesLines
...
* diffie-hellman: Verify public DH values in backendsMartin Willi2015-03-232-0/+10
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-232-5/+7
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-232-2/+4
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-232-6/+6
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* openssl: Return the proper IV length for OpenSSL cryptersTobias Brunner2015-02-231-1/+1
| | | | | | | For instance, the NULL cipher has a block size of 1 but an IV length of 0. Fixes #854.
* crypto: Define MODP_CUSTOM outside of IKE DH rangeTobias Brunner2014-12-232-2/+2
| | | | | | | | | Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221.
* curl: For SSL features, depend on thread-safety provided by our crypto pluginsMartin Willi2014-09-241-0/+2
| | | | | | | | | To use SSL in curl, we need to initialize the SSL library in a thread-safe manner and provide the appropriate callbacks. As we already do that in our crypto plugins using these libraries, we depend on these features. This implies that we need the same plugin enabled (openssl, gcrypt) as the curl backend is configured to use to fetch from HTTPS URIs.
* openssl: Report correct key length for EC keys when not using NIST curvesTobias Brunner2014-09-022-22/+2
| | | | Fixes #688.
* openssl: Don't re-enter FIPS mode if we are already using itMartin Willi2014-06-041-2/+3
| | | | | | If FIPS mode has been enabled by other means, under some environments it can't be entered again. It fails with "FIPS mode already set". To avoid it, we first check the mode before changing it.
* openssl: Be less verbose about FIPS mode when not running as daemonMartin Willi2014-06-041-2/+2
| | | | | While this is valuable information, printing it for pki and other tools is annoying.
* openssl: Fix includes to prevent <winsock2.h> to complain about include orderMartin Willi2014-06-042-6/+8
|
* openssl: Undef OpenSSLs X509_NAME defined by <wincrypt.h>Martin Willi2014-06-041-0/+6
|
* openssl: Check and link against libeay32 instead of libcrypto on WindowsMartin Willi2014-06-041-1/+1
| | | | Most Windows OpenSSL builds come with the crypto library named libeay32.
* plugins: Don't link with -rdynamic on WindowsMartin Willi2014-06-041-1/+1
|
* aead: Support custom AEAD salt sizesMartin Willi2014-03-312-2/+12
| | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* openssl: Add default fallback when calculating fingerprints of RSA keysTobias Brunner2014-03-221-1/+15
| | | | | | We still try to calculate these directly as it can avoid a dependency on the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the actual fingerprint calculation to the pgp plugin.
* lib: All settings use configured namespaceTobias Brunner2014-02-125-5/+5
|
* openssl: Verify that a peer's ECDH public value is a point on the elliptic curveTobias Brunner2013-11-191-0/+5
| | | | | This check is mandated by RFC 6989. Since we don't reuse DH secrets, it is mostly a sanity check.
* openssl: Add workaround if ECC Brainpool curves are not definedTobias Brunner2013-10-171-11/+247
|
* openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSLTobias Brunner2013-10-172-6/+51
| | | | OpenSSL does not include them in releases before 1.0.2.
* iv_gen: aead_t implementations provide an IV generatorTobias Brunner2013-10-111-0/+15
|
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required ↵Tobias Brunner2013-10-111-3/+3
| | | | for IKEv2 anyway
* openssl: Properly log FIPS mode when enabled via openssl.confTobias Brunner2013-09-271-5/+13
| | | | | | | | | Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf it should be disabled in strongswan.conf (or the other way around). Either way, we should log whether FIPS mode is enabled or not. References #412.
* openssl: Add support for generic encoding of EC public keysTobias Brunner2013-09-131-23/+13
|
* openssl: Add generic RSA public key encodingTobias Brunner2013-09-131-3/+17
|
* openssl: Add helper function to convert BIGNUMs to chunksTobias Brunner2013-09-132-0/+27
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-4/+5
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* openssl: parse X.509 extended key usage from extension parsing loopMartin Willi2013-07-181-33/+38
| | | | | Otherwise parsing gets aborted if unknown critical extensions are handled as error.
* openssl: show which critical X.509 extension is not supportedMartin Willi2013-07-181-1/+6
|
* Recognize critical IssuingDistributionPoint CRL extensionAndreas Steffen2013-07-121-0/+4
|
* openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strongMartin Willi2013-07-041-9/+6
| | | | For our purposes with RNG_WEAK this is fine, so accept a zero return value.
* openssl: add support for IP addr blocks in X.509 certificatesMichael Rossberg2013-05-241-1/+115
|
* openssl: Only warn about unavailable FIPS mode if the user requested itTobias Brunner2013-05-081-1/+1
|
* openssl: Cleanup thread specific error bufferTobias Brunner2013-05-081-5/+38
|
* openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0Tobias Brunner2013-05-081-17/+29
|
* openssl: Add PKCS#12 parsing via OpenSSLTobias Brunner2013-05-084-0/+307
|
* openssl: Properly cleanup OpenSSL libraryTobias Brunner2013-05-081-2/+7
|
* Add support for untruncated HMAC-SHA-512Tobias Brunner2013-05-081-0/+1
|
* openssl: Define a default for FIPS_MODETobias Brunner2013-05-031-0/+4
|
* support of OpenSSL FIPS-140-2 libraryAndreas Steffen2013-04-162-1/+20
|
* Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0Martin Willi2013-04-101-0/+14
|
* Check RSA_public_decrypt() length before constructing and comparing a chunkMartin Willi2013-04-101-7/+10
| | | | | If decryption fails, it returns -1. chunk_equals() should catch that error, but be more explicit in error checking.
* RSA_check_key() may return -1 if it failsMartin Willi2013-04-101-2/+2
|
* RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND methodMartin Willi2013-04-101-1/+1
|
* Check return value of ECDSA_Verify() correctlyMartin Willi2013-04-101-1/+1
|
* openssl: The EVP GCM interface requires at least OpenSSL 1.0.1Tobias Brunner2013-03-012-0/+8
|
* openssl: Provide AES-GCM implementationTobias Brunner2013-02-284-1/+312
|
* openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8gTobias Brunner2013-02-202-1/+5
| | | | Fixes #292.
* openssl: Properly honor OPENSSL_NO_* definesTobias Brunner2013-01-317-5/+31
|
* Properly check MSB in openssl plugin's PKCS#7 implementationTobias Brunner2013-01-241-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 12:49:31 +0000