Diffstat (limited to 'src/libstrongswan/plugins/openssl')
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crl.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c39
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c309
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c3
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_util.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c45
8 files changed, 252 insertions, 157 deletions
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index d1c8fce81..8994ff1b4 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -198,6 +198,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -206,6 +209,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -222,11 +226,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -270,6 +276,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 58401faa5..9a9efb2b6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -185,7 +185,7 @@ METHOD(crl_t, create_enumerator, enumerator_t*,
free(enumerator);
return enumerator_create_empty();
}
- enumerator->num = sk_X509_EXTENSION_num(enumerator->stack);
+ enumerator->num = sk_X509_REVOKED_num(enumerator->stack);
return &enumerator->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 78ed2811a..9e4067589 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -219,7 +219,7 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
return;
}
- chunk_free(&this->shared_secret);
+ chunk_clear(&this->shared_secret);
if (!compute_shared_key(this, &this->shared_secret)) {
DBG1(DBG_LIB, "ECDH shared secret computation failed");
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index f4c4759bf..950504573 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -1,6 +1,6 @@
/*
+ * Copyright (C) 2008-2012 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -371,14 +371,17 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
va_list args)
{
private_openssl_ec_private_key_t *this;
- chunk_t blob = chunk_empty;
+ chunk_t par = chunk_empty, key = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
+ case BUILD_BLOB_ALGID_PARAMS:
+ par = va_arg(args, chunk_t);
+ continue;
case BUILD_BLOB_ASN1_DER:
- blob = va_arg(args, chunk_t);
+ key = va_arg(args, chunk_t);
continue;
case BUILD_END:
break;
@@ -389,18 +392,36 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
}
this = create_empty();
- this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
- if (!this->ec)
+
+ if (par.ptr)
{
- destroy(this);
- return NULL;
+ this->ec = d2i_ECParameters(NULL, (const u_char**)&par.ptr, par.len);
+ if (!this->ec)
+ {
+ goto error;
+ }
+ if (!d2i_ECPrivateKey(&this->ec, (const u_char**)&key.ptr, key.len))
+ {
+ goto error;
+ }
+ }
+ else
+ {
+ this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&key.ptr, key.len);
+ if (!this->ec)
+ {
+ goto error;
+ }
}
if (!EC_KEY_check_key(this->ec))
{
- destroy(this);
- return NULL;
+ goto error;
}
return &this->public;
+
+error:
+ destroy(this);
+ return NULL;
}
#endif /* OPENSSL_NO_EC */
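Review bot: In the new BUILD_BLOB_ALGID_PARAMS path `key` is still chunk_empty when the caller supplied only the parameters, so `d2i_ECPrivateKey(&this->ec, ...)` is invoked with a NULL pointer and zero length and the function relies on OpenSSL rejecting that call; an explicit `if (!key.ptr) { goto error; }` before either decode makes the requirement visible instead of implicit. Two things are worth confirming and stating in a comment above the `par.ptr` branch: that a failing `d2i_ECPrivateKey` with a pre-allocated `*a` leaves `this->ec` owned by us so destroy() does not double-free, and that an ECPrivateKey blob carrying its own embedded parameters does not silently replace the group decoded from `par`, since EC_KEY_check_key only validates the key against whatever group ends up in it. As far as I can tell EC_KEY_check_key checks the point and scalar against the curve but does not judge the curve itself, so explicit (non-named) parameters are accepted as supplied; a one-line comment saying so would help the next reader. openssl_ec_private_key_load's argument parsing starts outside this hunk.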
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 96aa38bb6..c93ceacc9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -199,40 +199,175 @@ METHOD(plugin_t, get_name, char*,
return "openssl";
}
+METHOD(plugin_t, get_features, int,
+ private_openssl_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* crypters */
+ PLUGIN_REGISTER(CRYPTER, openssl_crypter_create),
+#ifndef OPENSSL_NO_AES
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+#endif
+#ifndef OPENSSL_NO_RC5
+ PLUGIN_PROVIDE(CRYPTER, ENCR_RC5, 0),
+#endif
+#ifndef OPENSSL_NO_CAST
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0),
+#endif
+#ifndef OPENSSL_NO_BLOWFISH
+ PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 0),
+#endif
+#ifndef OPENSSL_NO_IDEA
+ PLUGIN_PROVIDE(CRYPTER, ENCR_IDEA, 16),
+#endif
+#ifndef OPENSSL_NO_DES
+ PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
+#endif
+ PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
+ /* hashers */
+ PLUGIN_REGISTER(HASHER, openssl_hasher_create),
+#ifndef OPENSSL_NO_SHA1
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+#endif
+#ifndef OPENSSL_NO_MD2
+ PLUGIN_PROVIDE(HASHER, HASH_MD2),
+#endif
+#ifndef OPENSSL_NO_MD4
+ PLUGIN_PROVIDE(HASHER, HASH_MD4),
+#endif
+#ifndef OPENSSL_NO_MD5
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+#endif
+#ifndef OPENSSL_NO_SHA256
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+#endif
+#ifndef OPENSSL_NO_SHA512
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+#endif
+#ifndef OPENSSL_NO_SHA1
+ /* keyed sha1 hasher (aka prf) */
+ PLUGIN_REGISTER(PRF, openssl_sha1_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
+#endif
+#ifndef OPENSSL_NO_DH
+ /* MODP DH groups */
+ PLUGIN_REGISTER(DH, openssl_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+#endif
+#ifndef OPENSSL_NO_RSA
+ /* RSA private/public key loading */
+ PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_connect, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, openssl_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ /* signature/encryption schemes */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+#ifndef OPENSSL_NO_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+#endif
+#ifndef OPENSSL_NO_SHA256
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+#endif
+#ifndef OPENSSL_NO_SHA512
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+#endif
+#ifndef OPENSSL_NO_MD5
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
+#endif
+ PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
+#endif /* OPENSSL_NO_RSA */
+ /* certificate/CRL loading */
+ PLUGIN_REGISTER(CERT_DECODE, openssl_x509_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509),
+ PLUGIN_REGISTER(CERT_DECODE, openssl_crl_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_CRL),
+#ifndef OPENSSL_NO_ECDH
+ /* EC DH groups */
+ PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_PROVIDE(DH, ECP_224_BIT),
+ PLUGIN_PROVIDE(DH, ECP_192_BIT),
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ /* EC private/public key loading */
+ PLUGIN_REGISTER(PRIVKEY, openssl_ec_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ PLUGIN_REGISTER(PRIVKEY_GEN, openssl_ec_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
+ PLUGIN_REGISTER(PUBKEY, openssl_ec_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
+ /* signature encryption schemes */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
+#ifndef OPENSSL_NO_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
+#endif
+#ifndef OPENSSL_NO_SHA256
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
+#endif
+#ifndef OPENSSL_NO_SHA512
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
+#endif
+#endif /* OPENSSL_NO_ECDSA */
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_openssl_plugin_t *this)
{
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)openssl_sha1_prf_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_private_key_connect);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_public_key_load);
-#ifndef OPENSSL_NO_EC
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_ec_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_ec_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_ec_public_key_load);
-#endif /* OPENSSL_NO_EC */
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_x509_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_crl_load);
-
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif /* OPENSSL_NO_ENGINE */
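Review bot: The two RSA public-key registrations invert the final flag relative to the add_builder() calls removed from openssl_plugin_create further down in this diff: `PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, FALSE)` now backs KEY_RSA and the `TRUE` registration backs KEY_ANY, whereas the old code registered KEY_RSA as final (TRUE) and KEY_ANY as non-final (FALSE), and every other loader in the table (RSA private key, EC keys, certificates, CRLs) keeps its old value. Unless PLUGIN_REGISTER's third argument has different semantics from add_builder's final flag, the two lines should read `PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, TRUE),` for KEY_RSA and `PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, FALSE),` for KEY_ANY. A KEY_ANY builder is presumably the one that re-dispatches after sniffing the key type, so marking it final could stop that re-dispatch; worth verifying against the credential factory before merging.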
@@ -255,7 +390,7 @@ plugin_t *openssl_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
@@ -279,116 +414,6 @@ plugin_t *openssl_plugin_create()
return NULL;
}
- /* crypter */
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_RC5, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_NULL, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
-
- /* hasher */
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
-
- /* prf */
- lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this),
- (prf_constructor_t)openssl_sha1_prf_create);
-
- /* (ec) diffie hellman */
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
-#ifndef OPENSSL_NO_EC
- lib->crypto->add_dh(lib->crypto, ECP_256_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_384_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_521_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_224_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_192_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
-#endif /* OPENSSL_NO_EC */
- lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
-
- /* rsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
- (builder_function_t)openssl_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)openssl_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
- (builder_function_t)openssl_rsa_private_key_connect);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
- (builder_function_t)openssl_rsa_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)openssl_rsa_public_key_load);
-
-#ifndef OPENSSL_NO_EC
- /* ecdsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, TRUE,
- (builder_function_t)openssl_ec_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE,
- (builder_function_t)openssl_ec_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, TRUE,
- (builder_function_t)openssl_ec_public_key_load);
-#endif /* OPENSSL_NO_EC */
-
- /* X509 certificates */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE,
- (builder_function_t)openssl_x509_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE,
- (builder_function_t)openssl_crl_load);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 422e31521..a24bae5d6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -44,6 +44,8 @@ struct private_openssl_rsa_public_key_t {
refcount_t ref;
};
+
+
/**
* Verification of an EMPSA PKCS1 signature described in PKCS#1
*/
@@ -386,4 +388,3 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type,
destroy(this);
return NULL;
}
-
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 99dca3631..1eb1c6723 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -130,7 +130,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1)
{
if (asn1)
{
- return chunk_create(asn1->data, asn1->length);
+ return chunk_create((u_char*)asn1->data, asn1->length);
}
return chunk_empty;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index f7495b2ae..5caf5182c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -597,7 +600,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this,
}
if (constraints->pathlen)
{
-
+
pathlen = ASN1_INTEGER_get(constraints->pathlen);
this->pathlen = (pathlen >= 0 && pathlen < 128) ?
pathlen : X509_NO_CONSTRAINT;
@@ -609,6 +612,41 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this,
}
/**
+ * parse key usage
+ */
+static bool parse_keyUsage_ext(private_openssl_x509_t *this,
+ X509_EXTENSION *ext)
+{
+ ASN1_BIT_STRING *usage;
+
+ usage = X509V3_EXT_d2i(ext);
+ if (usage)
+ {
+ if (usage->length > 0)
+ {
+ int flags = usage->data[0];
+ if (usage->length > 1)
+ {
+ flags |= usage->data[1] << 8;
+ }
+ switch (flags)
+ {
+ case X509v3_KU_CRL_SIGN:
+ this->flags |= X509_CRL_SIGN;
+ break;
+ case X509v3_KU_KEY_CERT_SIGN:
+ /* we use the caBasicContraint, MUST be set */
+ default:
+ break;
+ }
+ }
+ ASN1_BIT_STRING_free(usage);
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
* Parse CRL distribution points
*/
static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
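Review bot: parse_keyUsage_ext tests the decoded keyUsage bits with `switch (flags)`, an exact-value match, so a certificate whose keyUsage sets cRLSign together with any other bit — the usual CA profile, keyCertSign|cRLSign — never gets X509_CRL_SIGN; only a certificate with cRLSign as its sole bit does. keyUsage is a bit mask and should be tested as one: replace the switch with `if (flags & X509v3_KU_CRL_SIGN) { this->flags |= X509_CRL_SIGN; }` and keep the existing comment that keyCertSign is deliberately ignored in favour of the basicConstraints CA flag. Whether the missing flag makes CRL validation reject legitimate CRL issuers or skip a check depends on how X509_CRL_SIGN is consumed elsewhere, which is outside this hunk, but either way the flag is wrong for most CA certificates. The bit layout itself, `data[0] | data[1] << 8`, appears to match OpenSSL's X509v3_KU_* constants, so only the comparison needs to change.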
@@ -713,7 +751,7 @@ static bool parse_authorityInfoAccess_ext(private_openssl_x509_t *this,
{
if (asprintf(&uri, "%Y", id) > 0)
{
- this->ocsp_uris->insert_first(this->ocsp_uris, uri);
+ this->ocsp_uris->insert_last(this->ocsp_uris, uri);
}
id->destroy(id);
}
@@ -804,6 +842,9 @@ static bool parse_extensions(private_openssl_x509_t *this)
case NID_basic_constraints:
ok = parse_basicConstraints_ext(this, ext);
break;
+ case NID_key_usage:
+ ok = parse_keyUsage_ext(this, ext);
+ break;
case NID_crl_distribution_points:
ok = parse_crlDistributionPoints_ext(this, ext);
break;