#
1.46 |
|
04-Aug-2023 |
claudio |
Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@
|
#
1.45 |
|
28-Jul-2023 |
claudio |
Use ibuf_data() instead of accessing the ibuf buf pointer directly. Also convert some ibuf_add() calls to ibuf_add_buf() where appropriate. OK tobhe@ tb@
|
#
1.44 |
|
06-Jun-2023 |
claudio |
Use ibuf_seek() instead of ibuf_data() + offset constructs. Effect is the same in these cases. OK tb@
|
#
1.43 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
#
1.42 |
|
30-Mar-2023 |
bluhm |
i2d_ECDSA_SIG() may return a negative value in case of error. Do not use this as length in iked(8) _dsa_verify_prepare(). OK tobhe@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.41 |
|
30-Nov-2022 |
tb |
Switch idiom of d2i_ECDSA_SIG() invocation
Instead of the discouraged obj = NULL; d2i_ECDSA_SIG(&obj, ...); use the recommended obj = d2i_ECDSA_SIG(NULL, ...);. While it makes no difference here, it's better practice.
suggested by & ok markus
|
#
1.40 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.39 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.38 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.37 |
|
29-Nov-2021 |
deraadt |
sys/param.h was included for MAX(), MIN() and roundup(). make local copies of MAXIMUM() and MINIMUM() like we have done in 50+ other places, and also include a roundup() ok jsg
|
#
1.36 |
|
18-Nov-2021 |
tb |
iked: replace a conditional EVP_CIPHER_CTX_cleanup() + free() stanza with an unconditional EVP_CIPHER_CTX_free().
ok tobhe
|
#
1.35 |
|
18-Nov-2021 |
tobhe |
Check if encoding works in dsa_init(). This avoids calling fatal() in dsa_length() or dsa_prefix() when the selected encoding is invalid.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.34 |
|
25-Feb-2021 |
tobhe |
Constify cipher API.
ok markus@
|
#
1.33 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.32 |
|
26-Jan-2021 |
tobhe |
Add support for RSA-PSS PKCS1 signatures. Don't enable them by default for now because of interoperability issues.
ok patrick@
|
#
1.31 |
|
06-Dec-2020 |
tobhe |
Add support for RSASSA-PSS signature verification (RFC 7427).
ok patrick@
|
#
1.30 |
|
03-Dec-2020 |
tobhe |
Fix type mismatch. auth_method should be uint8_t.
ok markus@
|
#
1.29 |
|
26-Nov-2020 |
tobhe |
Use a counter instead of random IV for AES-GCM. Security depends on choosing a unique IV for every encryption operation, using a counter as IV eliminates the risk of random collisions.
ok markus@ patrick@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.28 |
|
26-May-2020 |
tobhe |
Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2. They can be configured with the new ikesa enc options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
Tested with Strongswan by Stephan Mendling and myself
Tested with Juniper SRX by remi@
ok sthen@, patrick@
|
#
1.27 |
|
14-May-2020 |
tobhe |
Stricter return value checking for EVP_Cipher* calls.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.26 |
|
22-Apr-2020 |
tobhe |
Fix leaks in signature validation.
ok markus@
|
#
1.25 |
|
20-Apr-2020 |
tobhe |
Remove unused 'dsa_cert' variable.
ok markus@
|
#
1.24 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on process shutdown.
ok markus@
|
#
1.23 |
|
14-Feb-2020 |
tobhe |
Switch from EVP_SignInit_ex() to the newer EVP_DigestSignInit() which allows us to support additional signing options like PSS padding in the future.
ok patrick@ markus@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.22 |
|
28-Aug-2017 |
otto |
fix char ** to const char ** conversion warning; ok mikeb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.21 |
|
27-Mar-2017 |
reyk |
spacing
|
#
1.20 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the new modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
31-Oct-2015 |
naddy |
RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@
|
#
1.18 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
#
1.17 |
|
19-Aug-2015 |
reyk |
spacing (no binary change, verified with checksums)
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.16 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.15 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira
With input and OK from blambert@ markus@
|
#
1.12 |
|
24-Jan-2014 |
markus |
don't leak prv RSA key for each signature; ok mikeb
|
#
1.11 |
|
04-Dec-2013 |
mikeb |
Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a hashing function for RSA Digital Signatures. Tested by and OK markus.
|
#
1.10 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.9 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.8 |
|
15-Dec-2012 |
reyk |
Plug two memory leaks when cleaning up the dh/dsa crypto structures.
|
#
1.7 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
27-Aug-2011 |
mikeb |
Under certain circumstances iked can be tricked to bypass a signature verification caused by the incorrect check of the EVP_VerifyFinal return value. Issue was discovered and reported by Justin Ferguson, justin-dot-ferguson-at-ioactive.com. Thanks!
While here, check for HMAC_* return values.
ok jsg, markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.5 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.4 |
|
08-Nov-2010 |
mikeb |
fixup number rounding; ok reyk
|
#
1.3 |
|
30-Sep-2010 |
mikeb |
disable padding correctly. therefore we no longer need to supply additional space in the buffer and just pad input length up to the block size. finalization is not needed for properly padded data.
kills a bunch of XXX's and an annoying error from openssl.
also, check a result from CipherUpdate while here.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.2 |
|
14-Jun-2010 |
reyk |
fix block length for AES
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that creates IPsec flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
Feedback and ok tb@
|
#
1.38 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.37 |
|
29-Nov-2021 |
deraadt |
sys/param.h was included for MAX(), MIN() and roundup(). make local copies of MAXIMUM() and MINIMUM() like we have done in 50+ other places, and also include a roundup() ok jsg
|
#
1.36 |
|
18-Nov-2021 |
tb |
iked: replace a conditional EVP_CIPHER_CTX_cleanup() + free() stanza with an unconditional EVP_CIPHER_CTX_free().
ok tobhe
|
#
1.35 |
|
18-Nov-2021 |
tobhe |
Check if encoding works in dsa_init(). This avoids calling fatal() in dsa_length() or dsa_prefix() when the selected encoding is invalid.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.34 |
|
25-Feb-2021 |
tobhe |
Constify cipher API.
ok markus@
|
#
1.33 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.32 |
|
26-Jan-2021 |
tobhe |
Add support for RSA-PSS PKCS1 signatures. Don't enable them by default for now because of interoperability issues.
ok patrick@
|
#
1.31 |
|
06-Dec-2020 |
tobhe |
Add support for RSASSA-PSS signature verification (RFC 7427).
ok patrick@
|
#
1.30 |
|
03-Dec-2020 |
tobhe |
Fix type mismatch. auth_method should be uint8_t.
ok markus@
|
#
1.29 |
|
26-Nov-2020 |
tobhe |
Use a counter instead of random IV for AES-GCM. Security depends on choosing a unique IV for every encryption operation, using a counter as IV eliminates the risk of random collisions.
ok markus@ patrick@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.28 |
|
26-May-2020 |
tobhe |
Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2. They can be configured with the new ikesa enc options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
Tested with Strongswan by Stephan Mendling and myself
Tested with Juniper SRX by remi@
ok sthen@, patrick@
|
#
1.27 |
|
14-May-2020 |
tobhe |
Stricter return value checking for EVP_Cipher* calls.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.26 |
|
22-Apr-2020 |
tobhe |
Fix leaks in signature validation.
ok markus@
|
#
1.25 |
|
20-Apr-2020 |
tobhe |
Remove unused 'dsa_cert' variable.
ok markus@
|
#
1.24 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on process shutdown.
ok markus@
|
#
1.23 |
|
14-Feb-2020 |
tobhe |
Switch from EVP_SignInit_ex() to the newer EVP_DigestSignInit() which allows us to support additional signing options like PSS padding in the future.
ok patrick@ markus@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.22 |
|
28-Aug-2017 |
otto |
fix char ** to const char ** conversion warning; ok mikeb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.21 |
|
27-Mar-2017 |
reyk |
spacing
|
#
1.20 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the new modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
31-Oct-2015 |
naddy |
RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@
|
#
1.18 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
#
1.17 |
|
19-Aug-2015 |
reyk |
spacing (no binary change, verified with checksums)
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.16 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.15 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira
With input and OK from blambert@ markus@
|
#
1.12 |
|
24-Jan-2014 |
markus |
don't leak prv RSA key for each signature; ok mikeb
|
#
1.11 |
|
04-Dec-2013 |
mikeb |
Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a hashing function for RSA Digital Signatures. Tested by and OK markus.
|
#
1.10 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.9 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.8 |
|
15-Dec-2012 |
reyk |
Plug two memory leaks when cleaning up the dh/dsa crypto structures.
|
#
1.7 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
27-Aug-2011 |
mikeb |
Under certain circumstances iked can be tricked to bypass a signature verification caused by the incorrect check of the EVP_VerifyFinal return value. Issue was discovered and reported by Justin Ferguson, justin-dot-ferguson-at-ioactive.com. Thanks!
While here, check for HMAC_* return values.
ok jsg, markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.5 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.4 |
|
08-Nov-2010 |
mikeb |
fixup number rounding; ok reyk
|
#
1.3 |
|
30-Sep-2010 |
mikeb |
disable padding correctly. therefore we no longer need to supply additional space in the buffer and just pad input length up to the block size. finalization is not needed for properly padded data.
kills a bunch of XXX's and an annoying error from openssl.
also, check a result from CipherUpdate while here.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.2 |
|
14-Jun-2010 |
reyk |
fix block length for AES
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that creates IPsec flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.37 |
|
29-Nov-2021 |
deraadt |
sys/param.h was included for MAX(), MIN() and roundup(). make local copies of MAXIMUM() and MINIMUM() like we have done in 50+ other places, and also include a roundup() ok jsg
|
#
1.36 |
|
18-Nov-2021 |
tb |
iked: replace a conditional EVP_CIPHER_CTX_cleanup() + free() stanza with an unconditional EVP_CIPHER_CTX_free().
ok tobhe
|
#
1.35 |
|
18-Nov-2021 |
tobhe |
Check if encoding works in dsa_init(). This avoids calling fatal() in dsa_length() or dsa_prefix() when the selected encoding is invalid.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.34 |
|
25-Feb-2021 |
tobhe |
Constify cipher API.
ok markus@
|
#
1.33 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.32 |
|
26-Jan-2021 |
tobhe |
Add support for RSA-PSS PKCS1 signatures. Don't enable them by default for now because of interoperability issues.
ok patrick@
|
#
1.31 |
|
06-Dec-2020 |
tobhe |
Add support for RSASSA-PSS signature verification (RFC 7427).
ok patrick@
|
#
1.30 |
|
03-Dec-2020 |
tobhe |
Fix type mismatch. auth_method should be uint8_t.
ok markus@
|
#
1.29 |
|
26-Nov-2020 |
tobhe |
Use a counter instead of random IV for AES-GCM. Security depends on choosing a unique IV for every encryption operation, using a counter as IV eliminates the risk of random collisions.
ok markus@ patrick@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.28 |
|
26-May-2020 |
tobhe |
Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2. They can be configured with the new ikesa enc options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
Tested with Strongswan by Stephan Mendling and myself
Tested with Juniper SRX by remi@
ok sthen@, patrick@
|
#
1.27 |
|
14-May-2020 |
tobhe |
Stricter return value checking for EVP_Cipher* calls.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.26 |
|
22-Apr-2020 |
tobhe |
Fix leaks in signature validation.
ok markus@
|
#
1.25 |
|
20-Apr-2020 |
tobhe |
Remove unused 'dsa_cert' variable.
ok markus@
|
#
1.24 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on process shutdown.
ok markus@
|
#
1.23 |
|
14-Feb-2020 |
tobhe |
Switch from EVP_SignInit_ex() to the newer EVP_DigestSignInit() which allows us to support additional signing options like PSS padding in the future.
ok patrick@ markus@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.22 |
|
28-Aug-2017 |
otto |
fix char ** to const char ** conversion warning; ok mikeb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.21 |
|
27-Mar-2017 |
reyk |
spacing
|
#
1.20 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the new modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
31-Oct-2015 |
naddy |
RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@
|
#
1.18 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
#
1.17 |
|
19-Aug-2015 |
reyk |
spacing (no binary change, verified with checksums)
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.16 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.15 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira
With input and OK from blambert@ markus@
|
#
1.12 |
|
24-Jan-2014 |
markus |
don't leak prv RSA key for each signature; ok mikeb
|
#
1.11 |
|
04-Dec-2013 |
mikeb |
Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a hashing function for RSA Digital Signatures. Tested by and OK markus.
|
#
1.10 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.9 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.8 |
|
15-Dec-2012 |
reyk |
Plug two memory leaks when cleaning up the dh/dsa crypto structures.
|
#
1.7 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
27-Aug-2011 |
mikeb |
Under certain circumstances iked can be tricked to bypass a signature verification caused by the incorrect check of the EVP_VerifyFinal return value. Issue was discovered and reported by Justin Ferguson, justin-dot-ferguson-at-ioactive.com. Thanks!
While here, check for HMAC_* return values.
ok jsg, markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.5 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.4 |
|
08-Nov-2010 |
mikeb |
fixup number rounding; ok reyk
|
#
1.3 |
|
30-Sep-2010 |
mikeb |
disable padding correctly. therefore we no longer need to supply additional space in the buffer and just pad input length up to the block size. finalization is not needed for properly padded data.
kills a bunch of XXX's and an annoying error from openssl.
also, check a result from CipherUpdate while here.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.2 |
|
14-Jun-2010 |
reyk |
fix block length for AES
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that creates IPsec flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.31 |
|
06-Dec-2020 |
tobhe |
Add support for RSASSA-PSS signature verification (RFC 7427).
ok patrick@
|
#
1.30 |
|
03-Dec-2020 |
tobhe |
Fix type mismatch. auth_method should be uint8_t.
ok markus@
|
#
1.29 |
|
26-Nov-2020 |
tobhe |
Use a counter instead of random IV for AES-GCM. Security depends on choosing a unique IV for every encryption operation, using a counter as IV eliminates the risk of random collisions.
ok markus@ patrick@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.28 |
|
26-May-2020 |
tobhe |
Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2. They can be configured with the new ikesa enc options aes-128-gcm, aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
Tested with Strongswan by Stephan Mendling and myself Tested with Juniper SRX by remi@ ok sthen@, patrick@
|
#
1.27 |
|
14-May-2020 |
tobhe |
Stricter return value checking for EVP_Cipher* calls.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.26 |
|
22-Apr-2020 |
tobhe |
Fix leaks in signature validation.
ok markus@
|
#
1.25 |
|
20-Apr-2020 |
tobhe |
Remove unused 'dsa_cert' variable.
ok markus@
|
#
1.24 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.23 |
|
14-Feb-2020 |
tobhe |
Switch from EVP_SignInit_ex() to the newer EVP_DigestSignInit() which allows us to support additional signing options like PSS padding in the future.
ok patrick@ markus@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.22 |
|
28-Aug-2017 |
otto |
fix char ** to const char ** conversion warning; ok mikeb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.21 |
|
27-Mar-2017 |
reyk |
spacing
|
#
1.20 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.19 |
|
31-Oct-2015 |
naddy |
RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@
|
#
1.18 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
#
1.17 |
|
19-Aug-2015 |
reyk |
spacing (no binary change, verified with checksums)
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.16 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.15 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira
With input and OK from blambert@ markus@
|
#
1.12 |
|
24-Jan-2014 |
markus |
don't leak prv RSA key for each signature; ok mikeb
|
#
1.11 |
|
04-Dec-2013 |
mikeb |
Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a hashing function for RSA Digital Signatures. Tested by and OK markus.
|
#
1.10 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.9 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.8 |
|
15-Dec-2012 |
reyk |
Plug two memory leaks when cleaning up the dh/dsa crypto structures.
|
#
1.7 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
27-Aug-2011 |
mikeb |
Under certain circumstances iked can be tricked to bypass a signature verification caused by the incorrect check of the EVP_VerifyFinal return value. Issue was discovered and reported by Justin Ferguson, justin-dot-ferguson-at-ioactive.com. Thanks!
While here, check for HMAC_* return values.
ok jsg, markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.5 |
|
21-Dec-2010 |
mikeb |
fixup log_warn and log_debug arguments; ok reyk
|
#
1.4 |
|
08-Nov-2010 |
mikeb |
fixup number rounding; ok reyk
|
#
1.3 |
|
30-Sep-2010 |
mikeb |
disable padding correctly. therefore we no longer need to supply additional space in the buffer and just pad input length up to the block size. finalization is not needed for properly padded data.
kills a bunch of XXX's and an annoying error from openssl.
also, check a result from CipherUpdate while here.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.2 |
|
14-Jun-2010 |
reyk |
fix block length for AES
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that creates IPsec flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.3 |
|
30-Sep-2010 |
mikeb |
disable padding correctly. therefore we no longer need to supply additional space in the buffer and just pad input length up to the block size. finalization is not needed for properly padded data.
kills a bunch of XXX's and an annoying error from openssl.
also, check a result from CipherUpdate while here.
ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.2 |
|
14-Jun-2010 |
reyk |
fix block length for AES
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that creates IPsec flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|