Issue #3148

Control flow to OpenSSL

Added by amritha rao 3 months ago. Updated about 1 month ago.

Affected version:
No feedback



I could not find this info in the README section or in the strongSwan forum, which is why I'm posting it here.
Suppose I'm using the OpenSSL engine to perform IKEv1 and IKEv2, then how does the control flow to OpenSSL?
Code for IKE I see is in libcharon. So I'm interested in understanding how control flows from libstrongswan and libcharon to the OpenSSL plugin.

Thanks in advance!


#1 Updated by Tobias Brunner 3 months ago

  • Status changed from New to Feedback

What exactly do you want to know?

#2 Updated by Noel Kuntze 3 months ago

OpenSSL is only used for cryptographic primitives, third-party lib dependencies and certificate authentication (if no other plugin provides the functionality). OpenSSL never takes part in the IKE negotiation as part of the control flow of the protocol or the parsing of packets. Only its primitives are used for cryptographic operations (and certificate parsing and authentication).

#3 Updated by amritha rao 3 months ago

Thanks for the response.
Where is the code that performs the key derivation?
What OpenSSL calls does it use?

#4 Updated by Noel Kuntze 3 months ago

Check the openssl plugin's source code in the repository or on GitHub.

#5 Updated by amritha rao 3 months ago

Thanks for the response.
I've already looked into the openssl plugin. What I want to know is how OpenSSL gets used to perform key derivation of IKE keys.

#7 Updated by Tobias Brunner about 1 month ago

  • Status changed from Feedback to Closed
  • Resolution set to No feedback
