path: root/src/openvpn/crypto_openssl.c
Commit message   Author   Age   Files   Lines
* openssl: use crypto_msg(), get rid of openssl-specific code in error.c
  Author: Steffan Karger   Age: 2014-12-31   Files: 1   Lines: -16/+25

  v2 - don't wrap string for a couple of words, and be more consistent with wrapping (use curly braces for ifs with wrapping statements)
  v3 - change an incorrect crypto_msg() call back to msg()

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <54A430A2.5000409@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9374
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove ENABLE_SSL define (and --disable-ssl configure option)
  Author: Steffan Karger   Age: 2014-12-31   Files: 1   Lines: -16/+0

  Remove the --disable-ssl configure option and accompanying ENABLE_SSL defines in the master/2.4 branch, to reduce the code and testing complexity a bit. This does not remove the runtime option to run without SSL, just the compile time option to not include any SSL-related code.

  During the community meeting in November 2014 there were no objections amongst the developers present. Also, this has been announced on the -users and -devel mailing lists two weeks ago, without any response whatsoever.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <54A4248A.1090501@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9371
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* openssl: add more descriptive message for 'no shared cipher' error
  Author: Steffan Karger   Age: 2014-12-31   Files: 1   Lines: -3/+17

  Overzealous users using the --tls-cipher option, or users with actual incompatible crypto libraries often waste quite some time debugging the 'no shared cipher' error from openssl. See e.g. trac ticket #359: https://community.openvpn.net/openvpn/ticket/359

  This change adds a more clear, verb 1 error message reporting the problem directly to the user, instead of just printing the openssl error.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <544EB12E.40200@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9209
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* openssl: add crypto_msg(), to easily log openssl errors
  Author: Steffan Karger   Age: 2014-12-31   Files: 1   Lines: -0/+9

  This works towards removing OpenSSL-specific error printing code from error.c. The crypto_msg() functions provide convenience wrappers, specific to OpenSSL. Instead of passing the magical 'M_SSLERR' flag to msg(), a developer now just calls crypto_msg() to get OpenSSL errors dumped to log.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1414269324-14102-5-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9199
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix assertion error when using --cipher none
  Author: Steffan Karger   Age: 2014-11-08   Files: 1   Lines: -2/+2

  Some commits ago, the cipher mode checks were cleaned up to remove code duplication (and fix the issue in #471), but broke '--cipher none' (reported in #473). This commit fixes that.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <545DED2C.5070002@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/9217
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Improve --show-ciphers to show if a cipher can be used in static key mode
  Author: Steffan Karger   Age: 2014-07-07   Files: 1   Lines: -6/+13

  Also remove the bulky warning from init_key_type() and add the information to the --show-ciphers output.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <53BAEF65.2070509@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8852
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add proper check for crypto modes (CBC or OFB/CFB)
  Author: Steffan Karger   Age: 2014-07-07   Files: 1   Lines: -3/+32

  OpenSSL has added AEAD-CBC mode ciphers like AES-128-CBC-HMAC-SHA1, which have mode EVP_CIPH_CBC_MODE, but require a different API (the AEAD API). So, add extra checks to filter out those AEAD-mode ciphers.

  Adding these made the crypto library agnostic function cfb_ofb_mode() superfluous, so removed that on the go.

  Also update all cipher mode checks to use the new cipher_kt_mode_*() functions for consistency.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1402244175-31462-3-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8779
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.
  Author: Steffan Karger   Age: 2014-07-07   Files: 1   Lines: -1/+1

  Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers to also show OFB/CFB ciphers along the way (because crypto.h was not included from crypto_openssl.c).

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1402244175-31462-2-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8781
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove unneeded defines (were needed for pre-0.9.7 OpenSSL).
  Author: Steffan Karger   Age: 2014-05-26   Files: 1   Lines: -8/+0

  Since we now require OpenSSL 0.9.8, we don't need these anymore.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1401045501-12343-4-git-send-email-steffan@karger.me>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove unneeded wrapper functions in crypto_openssl.c
  Author: Steffan Karger   Age: 2014-05-26   Files: 1   Lines: -16/+4

  Both EVPCipherInit_ov() and EVPCipherUpdate_ov() wrapped OpenSSL functions without any changes, so let's just use the functions directly.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1401045501-12343-3-git-send-email-steffan@karger.me>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove function without effect (cipher_ok() always returned true).
  Author: Steffan Karger   Age: 2014-05-26   Files: 1   Lines: -8/+2

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1401045501-12343-2-git-send-email-steffan@karger.me>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Bump minimum OpenSSL version to 0.9.8
  Author: Steffan Karger   Age: 2014-03-23   Files: 1   Lines: -27/+0

  OpenSSL 0.9.7 and older are considered obsolete (see http://www.openssl.org/news/news.html). This patch updates configure.ac to require OpenSSL 0.9.8 or newer, and removes a number of #ifdefs that are now no longer needed.

  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1395582781-27966-1-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8392
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fixed usage of stale define USE_SSL to ENABLE_SSL
  Author: Steffan Karger   Age: 2013-04-15   Files: 1   Lines: -2/+4

  Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <516BCEA2.6000608@fox-it.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7509
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Config compatibility patch. Added translate_cipher_name.
  Author: Steffan Karger   Age: 2013-03-22   Files: 1   Lines: -0/+12

  Added translate_cipher_name to crypto_openssl.c and crypto_polarssl.c to translate between OpenVPN(/OpenSSL) and PolarSSL data channel cipher algorithm names. OpenSSL does not require any translating, PolarSSL does for a small number of algorithms. This improves on config file compatibility between the OpenSSL and PolarSSL builds.

  Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1363942465-3251-5-git-send-email-steffan.karger@fox-it.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/7435
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove calls to OpenSSL when building with --disable-ssl
  Author: Igor Novgorodov   Age: 2012-03-29   Files: 1   Lines: -0/+15

  Move OpenSSL calls out from the generic crypto layer and into the OpenSSL specific layer. Also don't load all algorithms if SSL isn't enabled. Error strings will also not be loaded into memory if ENABLE_SMALL is configured.

  Signed-off-by: Igor Novgorodov <igor@novg.net>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* build: move out config.h include from syshead
  Author: Alon Bar-Lev   Age: 2012-03-22   Files: 1   Lines: -0/+6

  Yet another step in reducing the syshead.h content. Conditional compilation of sources needs to be based on a minimum program prefix (config.h only).

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* build: proper crypto detection and usage
  Author: Alon Bar-Lev   Age: 2012-03-22   Files: 1   Lines: -19/+7

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* build: standard directory layout
  Author: Alon Bar-Lev   Age: 2012-03-22   Files: 1   Lines: -0/+744

  Suitable for a mature project.

  root - administrative stuff
  doc - documents
  src - sources
  tests - tests
  distro - distro specific files
  sample - samples

  SIDE EFFECT: many changes to rpm spec.

  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>