path: root/sbin/iked/crypto.c
Commit log (newest first). Each entry: subject (author, date, files changed, lines removed/added), followed by the rest of the commit message.

* Constify cipher API. (tobhe, 2021-02-25, 1 file, -5/+5)
  ok markus@

* Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed. (tobhe, 2021-02-04, 1 file, -29/+27)
  ok markus@ patrick@

* Add support for RSA-PSS PKCS1 signatures. Don't enable them by default for now because of interoperability issues. (tobhe, 2021-01-26, 1 file, -18/+21)
  ok patrick@

* Add support for RSASSA-PSS signature verification (RFC 7427). (tobhe, 2020-12-06, 1 file, -12/+110)
  ok patrick@

* Fix type mismatch. auth_method should be uint8_t. (tobhe, 2020-12-03, 1 file, -4/+4)
  ok markus@

* Use a counter instead of random IV for AES-GCM. (tobhe, 2020-11-26, 1 file, -3/+17)
  Security depends on choosing a unique IV for every encryption operation; using a counter as IV eliminates the risk of random collisions.
  ok markus@ patrick@

* Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2. (tobhe, 2020-05-26, 1 file, -5/+100)
  They can be configured with the new ikesa enc options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
  Tested with Strongswan by Stephan Mendling and myself. Tested with Juniper SRX by remi@.
  ok sthen@, patrick@

* Stricter return value checking for EVP_Cipher* calls. (tobhe, 2020-05-14, 1 file, -18/+23)
  ok patrick@

* Fix leaks in signature validation. (tobhe, 2020-04-22, 1 file, -1/+5)
  ok markus@

* Remove unused 'dsa_cert' variable. (tobhe, 2020-04-20, 1 file, -6/+1)
  ok markus@

* Prevent multiple ibuf leaks. Clean up on process shutdown. (tobhe, 2020-04-08, 1 file, -1/+2)
  ok markus@

* Switch from EVP_SignInit_ex() to the newer EVP_DigestSignInit(), which allows us to support additional signing options like PSS padding in the future. (tobhe, 2020-02-14, 1 file, -32/+40)
  ok patrick@ markus@

* fix char ** to const char ** conversion warning; ok mikeb@ (otto, 2017-08-28, 1 file, -2/+4)

* spacing (reyk, 2017-03-27, 1 file, -2/+2)

* Add support for RFC4754 (ECDSA) and RFC7427 authentication. (reyk, 2017-03-27, 1 file, -46/+217)
  These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the new modes use SHA2-256 and up to SHA2-512 hashes.
  Original diff from markus@ with patches from mikeb@ and me.
  OK mikeb@ patrick@

* RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@ (naddy, 2015-10-31, 1 file, -2/+2)

* Switch iked to C99-style fixed-width integer types. (reyk, 2015-08-21, 1 file, -26/+26)
  OK mikeb@

* spacing (no binary change, verified with checksums) (reyk, 2015-08-19, 1 file, -6/+10)

* initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@ (markus, 2015-03-26, 1 file, -7/+134)

* Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. (deraadt, 2015-01-16, 1 file, -2/+2)
  Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification.
  ok guenther, millert, doug (helped with the verification protocol)

* add additional includes required to build with -DOPENSSL_NO_DEPRECATED (jsg, 2014-07-10, 1 file, -1/+2)
  ok reyk@

* Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t. (reyk, 2014-02-17, 1 file, -2/+2)
  From Andre de Oliveira. With input and OK from blambert@ markus@.

* don't leak prv RSA key for each signature; ok mikeb (markus, 2014-01-24, 1 file, -1/+2)

* Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. (mikeb, 2013-12-04, 1 file, -10/+3)
  Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a hashing function for RSA Digital Signatures.
  Tested by and OK markus.

* pass caller to ca_sslerror for better error messages; ok mikeb (markus, 2013-11-14, 1 file, -5/+5)

* Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!". (reyk, 2013-01-08, 1 file, -3/+2)

* Plug two memory leaks when cleaning up the dh/dsa crypto structures. (reyk, 2012-12-15, 1 file, -1/+2)

* update email addresses to match reality. (reyk, 2012-09-18, 1 file, -2/+2)
  sure jsg@ mikeb@

* Under certain circumstances iked can be tricked to bypass a signature verification caused by the incorrect check of the EVP_VerifyFinal return value. (mikeb, 2011-08-27, 1 file, -10/+13)
  Issue was discovered and reported by Justin Ferguson, justin-dot-ferguson-at-ioactive.com. Thanks!
  While here, check for HMAC_* return values.
  ok jsg, markus

* fixup log_warn and log_debug arguments; ok reyk (mikeb, 2010-12-21, 1 file, -8/+8)

* fixup number rounding; ok reyk (mikeb, 2010-11-08, 1 file, -2/+2)

* disable padding correctly. (mikeb, 2010-09-30, 1 file, -4/+8)
  therefore we no longer need to supply additional space in the buffer and just pad input length up to the block size. finalization is not needed for properly padded data. kills a bunch of XXX's and an annoying error from openssl. also, check a result from CipherUpdate while here.
  ok reyk

* fix block length for AES (reyk, 2010-06-14, 1 file, -2/+2)

* Import iked, a new implementation of the IKEv2 protocol. (reyk, 2010-06-03, 1 file, -0/+686)
  iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
  with lots of help and debugging by jsg@
  ok deraadt@