DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
hostapd/src/crypto
History
Jared Bents 841205a1ce OpenSSL: Add 'check_cert_subject' support for TLS server 
This patch added 'check_cert_subject' support to match the value of
every field against the DN of the subject in the client certificate. If
the values do not match, the certificate verification will fail and will
reject the user.

This option allows hostapd to match every individual field in the right
order, also allow '*' character as a wildcard (e.g OU=Development*).

Note: hostapd will match string up to 'wildcard' against the DN of the
subject in the client certificate for every individual field.

Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-11 14:09:45 +02:00
..
.gitignore Add rules for building src/crypto as a library 2009-12-05 22:03:46 +02:00
aes-cbc.c Add TEST_FAIL() condition to aes_128_cbc_encrypt/decrypt() 2015-11-28 20:46:36 +02:00
aes-ccm.c AES-CCM: Use os_memcmp_const() for hash/password comparisons 2014-07-02 12:38:47 +03:00
aes-ctr.c Extend AES-SIV implementation to support different key lengths 2016-10-10 19:40:59 +03:00
aes-eax.c crypto: Clear temporary heap allocations before freeing 2015-01-06 02:49:13 +02:00
aes-encblock.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
aes-gcm.c AES-GCM: Use os_memcmp_const() for hash/password comparisons 2014-07-02 12:38:47 +03:00
aes-internal-dec.c crypto: Add return value to DES and AES encrypt/decrypt 2017-02-28 11:23:54 +02:00
aes-internal-enc.c crypto: Add return value to DES and AES encrypt/decrypt 2017-02-28 11:23:54 +02:00
aes-internal.c Add support for using 192-bit and 256-bit keys with AES-GCM 2012-09-09 13:30:51 +03:00
aes-omac1.c tests: Add TEST_FAIL() condition to omac1_aes_vector() 2015-10-17 20:40:36 +03:00
aes-siv.c Use os_memdup() 2017-03-07 13:19:10 +02:00
aes-unwrap.c AES: Extend key wrap implementation to support longer data 2014-10-07 14:57:10 +03:00
aes-wrap.c AES: Extend key wrap implementation to support longer data 2014-10-07 14:57:10 +03:00
aes.h crypto: Add return value to DES and AES encrypt/decrypt 2017-02-28 11:23:54 +02:00
aes_i.h Add support for using 192-bit and 256-bit keys with AES-GCM 2012-09-09 13:30:51 +03:00
aes_siv.h Extend AES-SIV implementation to support different key lengths 2016-10-10 19:40:59 +03:00
aes_wrap.h Extend AES-SIV implementation to support different key lengths 2016-10-10 19:40:59 +03:00
crypto.h Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
crypto_gnutls.c Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
crypto_internal-cipher.c Fix AES block size handling for internal cipher 2012-09-09 14:12:59 +03:00
crypto_internal-modexp.c Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
crypto_internal-rsa.c Add function for building RSA public key from n and e parameters 2014-05-19 23:27:30 +03:00
crypto_internal.c crypto: Add CRYPTO_HASH_ALG_SHA384 and CRYPTO_HASH_ALG_SHA512 2015-11-29 18:21:08 +02:00
crypto_libtomcrypt.c Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
crypto_linux.c af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG) 2017-02-28 11:24:15 +02:00
crypto_module_tests.c tests: Extract-and-Expand HKDF (RFC 5869) 2017-03-11 22:40:31 +02:00
crypto_nettle.c Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
crypto_none.c crypto: Add return value to DES and AES encrypt/decrypt 2017-02-28 11:23:54 +02:00
crypto_openssl.c Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
crypto_wolfssl.c Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
des-internal.c crypto: Add return value to DES and AES encrypt/decrypt 2017-02-28 11:23:54 +02:00
des_i.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
dh_group5.c Fix memory leak on NFC DH generation error path 2015-11-29 20:53:20 +02:00
dh_group5.h Add dh5_init_fixed() to allow fixed DH parameters to be used 2012-06-27 21:22:12 +03:00
dh_groups.c Add explicit checks for peer's DH public key 2019-03-05 17:05:03 +02:00
dh_groups.h Add Diffie-Hellman group definitions for MODP groups in RFC 5114 2013-01-12 17:51:54 +02:00
fips_prf_internal.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
fips_prf_openssl.c OpenSSL: Silence sparse warnings in fips186_2_prf() 2016-06-24 19:02:58 +03:00
fips_prf_wolfssl.c wolfSSL: Use new digest namespace 2018-05-02 12:04:46 +03:00
Makefile tests: TLS fuzzing tool 2019-02-11 02:35:29 +02:00
md4-internal.c crypto internal: Make MD4 PADDING array const 2019-01-02 17:26:57 +02:00
md5-internal.c Add TEST_FAIL() support for internal hash functions 2015-11-29 21:01:33 +02:00
md5.c crypto: Clear temporary stack buffers after use 2015-01-06 02:49:13 +02:00
md5.h FIPS: Remove md5-non-fips.c 2012-08-19 16:53:15 +03:00
md5_i.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
milenage.c Milenage: Use os_memcmp_const() for hash/password comparisons 2014-07-02 12:38:47 +03:00
milenage.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
ms_funcs.c crypto: Process des_encrypt() error returns in callers 2017-02-28 11:24:05 +02:00
ms_funcs.h crypto: Process des_encrypt() error returns in callers 2017-02-28 11:24:05 +02:00
random.c crypto: Add option to use getrandom() 2019-01-02 01:24:18 +02:00
random.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
rc4.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
sha1-internal.c Remove trailing whitespace 2016-12-28 14:31:42 +02:00
sha1-pbkdf2.c Convert remaining SSID routines from char* to u8* 2012-08-07 16:07:25 +03:00
sha1-prf.c crypto: Clear temporary stack buffers after use 2015-01-06 02:49:13 +02:00
sha1-tlsprf.c Explicitly clear temporary stack buffers in tls_prf_sha1_md5() 2015-03-29 16:43:03 +03:00
sha1-tprf.c Explicitly clear temporary stack buffer in sha1_t_prf() 2015-03-29 16:40:55 +03:00
sha1.c crypto: Clear temporary stack buffers after use 2015-01-06 02:49:13 +02:00
sha1.h Convert remaining SSID routines from char* to u8* 2012-08-07 16:07:25 +03:00
sha1_i.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
sha256-internal.c Remove trailing whitespace 2016-12-28 14:31:42 +02:00
sha256-kdf.c Extend hmac_sha256_kdf() to support HKDF-Expand() as defined in RFC 5869 2017-03-11 22:40:10 +02:00
sha256-prf.c SAE: Check SHA256-PRF operation result 2016-03-27 21:44:49 +03:00
sha256-tlsprf.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
sha256.c OpenSSL: Implement SHA256 HMAC functions using HMAC API 2012-08-16 22:34:35 +03:00
sha256.h SAE: Check SHA256-PRF operation result 2016-03-27 21:44:49 +03:00
sha256_i.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
sha384-internal.c Add SHA384 and SHA512 implementations from LibTomCrypt library 2015-11-29 18:19:32 +02:00
sha384-kdf.c Extend SHA-384 and SHA-512 support to match SHA-256 2017-06-17 18:04:12 +03:00
sha384-prf.c Return success/failure result from sha384_prf() 2017-03-12 20:43:06 +02:00
sha384.c Add HMAC-SHA384 with internal crypto 2017-02-16 22:15:29 +02:00
sha384.h Extend SHA-384 and SHA-512 support to match SHA-256 2017-06-17 18:04:12 +03:00
sha384_i.h Add SHA384 and SHA512 implementations from LibTomCrypt library 2015-11-29 18:19:32 +02:00
sha512-internal.c crypto: Reduce the size of sha512_compress() stack frame 2019-01-02 16:31:19 +02:00
sha512-kdf.c Extend SHA-384 and SHA-512 support to match SHA-256 2017-06-17 18:04:12 +03:00
sha512-prf.c Extend SHA-384 and SHA-512 support to match SHA-256 2017-06-17 18:04:12 +03:00
sha512.c Add internal HMAC-SHA512 implementation to fix NEED_SHA512 builds 2018-12-31 11:57:37 +02:00
sha512.h Extend SHA-384 and SHA-512 support to match SHA-256 2017-06-17 18:04:12 +03:00
sha512_i.h Add SHA384 and SHA512 implementations from LibTomCrypt library 2015-11-29 18:19:32 +02:00
tls.h OpenSSL: Add 'check_cert_subject' support for TLS server 2019-03-11 14:09:45 +02:00
tls_gnutls.c OpenSSL: Add 'check_cert_subject' support for TLS server 2019-03-11 14:09:45 +02:00
tls_internal.c OpenSSL: Add 'check_cert_subject' support for TLS server 2019-03-11 14:09:45 +02:00
tls_none.c hostapd: Add configuration option check_crl_strict 2018-12-31 12:51:51 +02:00
tls_openssl.c OpenSSL: Add 'check_cert_subject' support for TLS server 2019-03-11 14:09:45 +02:00
tls_openssl.h BoringSSL: Move OCSP implementation into a separate file 2015-12-04 20:08:31 +02:00
tls_openssl_ocsp.c BoringSSL: Keep static analyzers happier with X509_get0_pubkey_bitstr() 2016-03-16 21:34:01 +02:00
tls_wolfssl.c OpenSSL: Add 'check_cert_subject' support for TLS server 2019-03-11 14:09:45 +02:00