Commit log (each entry: commit message, author, date, files changed, lines removed/added)
* Fixed a regression causing VS2008/Python build failure
  Author: Samuli Seppänen  Date: 2011-11-21  Files: 1  Lines: -1/+1

  Patch "Added options to switch between OpenSSL and PolarSSL and PKCS11" caused a regression when building OpenVPN with Visual Studio 2008/Python build system. The underlying cause was a wrong path to lzo2.lib.

  Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed a typo when initialising cryptoapi certs
  Author: Adriaan de Jong  Date: 2011-11-21  Files: 1  Lines: -1/+1

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Heiko Hund <heiko.hund@sophos.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Minor cleanup to enable warning-free Windows build:
  Author: Adriaan de Jong  Date: 2011-11-21  Files: 6  Lines: -9/+6

  - Changed int32_t to size_t
  - Removed some unused variables
  - Added missing include files
  - Changed ordering to ensure variable declarations are before asserts

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Tested-by: Samuli Seppänen <samuli@openvpn.net>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Moved from strsep to strtok, for Windows compatibility
  Author: Adriaan de Jong  Date: 2011-11-21  Files: 1  Lines: -5/+9

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added options to switch between OpenSSL and PolarSSL and PKCS11 at compile time.
  Author: Adriaan de Jong  Date: 2011-11-21  Files: 3  Lines: -6/+43

  Also included the option to enable/disable PKCS11.

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Samuli Seppänen <samuli@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Reordered functions to ensure warning-free Windows build
  Author: Adriaan de Jong  Date: 2011-11-21  Files: 1  Lines: -11/+10

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Samuli Seppänen <samuli@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Moved CryptoAPI header include to the ssl_openssl.c
  Author: Adriaan de Jong  Date: 2011-11-21  Files: 2  Lines: -4/+4

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Moved prng_uninit out of crypto_uninit_lib
  Author: Adriaan de Jong  Date: 2011-11-21  Files: 4  Lines: -5/+3

  Since prng_uninit is SSL-library agnostic, but crypto_uninit_lib isn't, the function was moved up a level. Also removed one unused variable (j) in tls1_P_hash().

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* add missing break between "case IPv4" and "case IPv6", leading to the minimum-size for IPv6 being applied to IPv4 packets, subsequently leading to drop of small-sized IPv4 packets.
  Author: Gert Doering  Date: 2011-11-10  Files: 1  Lines: -0/+1

  Bug found & fixed by Christian Niessner.

  Signed-off-by: Christian Niessner <bug-report@secadm.de>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fix PolarSSL and --pkcs12 option issues
  Author: David Sommerseth  Date: 2011-11-08  Files: 1  Lines: -1/+7

  PolarSSL does not support PKCS#12 certificate/key bundles, but had a typo where #ifdef USE_POLARSSL was used, and it should have been #ifndef instead. Also added a few extra exclusions of PKCS#12 messages where appropriate, to avoid confusing users.

  Signed-off-by: David Sommerseth <davids@redhat.com>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>

* Fixed missing comma in plugin.h
  Author: Adriaan de Jong  Date: 2011-11-07  Files: 1  Lines: -1/+1

  Fixed a bug where the wrong value was being passed to plugin_call_ssl, due to a missing comma.

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Further removal of des_old.h based calls
  Author: Adriaan de Jong  Date: 2011-10-25  Files: 1  Lines: -2/+2

  Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb.

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Removed obsolete des_cblock and des_keyschedule
  Author: Adriaan de Jong  Date: 2011-10-24  Files: 1  Lines: -3/+3

  This is to allow building on NetBSD, which does not install <des_old.h> anymore.

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Got rid of a few magic numbers in ntlm.c
  Author: Adriaan de Jong  Date: 2011-10-24  Files: 6  Lines: -20/+25

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed disabling crypto and SSL
  Author: Adriaan de Jong  Date: 2011-10-24  Files: 12  Lines: -22/+47

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added missing #ifdef to allow --disable-management to work again
  Author: Adriaan de Jong  Date: 2011-10-24  Files: 1  Lines: -1/+4

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Moved to PolarSSL 1.0.0:
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 3  Lines: -3/+3

  - Reversed des_key_check_weak output check, as the library changed this
  - Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128
  - Changed the bio write function to accept const input

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Made SSL_CIPHER const in print_details, to fix warning
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -1/+1

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed a typo: print the subject instead of the serial for verification errors
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -1/+1

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Removed a stray Fox-IT tag
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -1/+0

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Unified verification function return values:
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 4  Lines: -110/+116

  - Now return either SUCCESS or FAILURE.
  - SUCCESS is defined as 0.

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed a bug in the return value of ssl_verify when pre_verify failed
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -2/+4

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Moved gc_new and gc_free to begin/end of function
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -3/+2

  As a safety measure against future modifications.

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added back checks for ks->authenticated in verify_user_pass
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -4/+5

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Moved HMAC prints back to main crypto module
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 6  Lines: -46/+20

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Moved print messages back to generic crypto.c from cipher backends
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 4  Lines: -37/+19

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed an unintentional change in the options calculated key size.
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -1/+1

  It is now in bits again.

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Further improvements to plugin support:
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 3  Lines: -11/+15

  - Renamed struct entries to explicitly show them as disabled
  - Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h nor ssl_verify_polarssl.h is included
  - If neither of those files is included, disable ssl support for a plugin including openvpn-plugin.h

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixes for the plugin system:
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 11  Lines: -34/+83

  - Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
  - Fixed example plugin code to include USE_SSL when needed

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Hardening: periodically reset the PRNG's nonce value
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 2  Lines: -11/+31

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Disabled X.509 track and username selection for PolarSSL
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 5  Lines: -8/+20

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added SSL library to title string
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -2/+14

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added an extra define to allow building without PKCS#11
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -0/+2

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored (and disabled for PolarSSL) support for writing external cert files in scripts
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 5  Lines: -56/+43

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Removed stray X509_free from ssl.c
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 4  Lines: -1/+20

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Removed support for management external keys in PolarSSL
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 2  Lines: -2/+2

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Disable CryptoAPI when not using OpenSSL, and document that fact.
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 9  Lines: -11/+18

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added warning that --capath is not available with PolarSSL
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 2  Lines: -0/+3

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added a warning that the PolarSSL library does not support pkcs12 files.
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 3  Lines: -0/+6

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed a compilation warning for size_t key sizes
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -3/+3

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Updated ssl_polarssl.c to work with 0.99-pre5
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -22/+24

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Changed PolarSSL crypto backend to support v0.99-pre5
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -6/+21

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added SHA_DIGEST_SIZE definition
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -0/+1

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed a bug in the hash generation in ssl_verify_openssl.c
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -1/+1

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Fixed a missing include in ssl_backend.h
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 1  Lines: -0/+1

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added PolarSSL support:
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 17  Lines: -28/+2348

  - Crypto library
  - SSL library
  - PKCS#11 support

  For missing features, please see README.polarssl

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored X509 track feature to be contained within the openssl backend
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 4  Lines: -50/+65

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Final cleanup before PolarSSL addition:
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 6  Lines: -56/+97

  - Remove stray X509 entries
  - Remove unnecessary USE_OPENSSL ifdefs
  - Normalised x509_get_sha1_hash to look similar to x509_get_* functions

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Modified base64 code in preparation for PolarSSL merge
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 7  Lines: -14/+14

  - Renamed base64_decode and base64_encode to openvpn_*
  - Changed the contributor's name to UTF-8

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Separated OpenSSL-specific parts of the PKCS#11 driver
  Author: Adriaan de Jong  Date: 2011-10-22  Files: 8  Lines: -114/+304

  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>