cbe156d927
Use OpenSSL 3.x _only_ and implement RFC 8636
...
- No more OpenSSL 1.x support
- Remove 1DES and 3DES
- Remove NETLOGON, NTLM (client and 'digest' service)
2026-01-18 19:06:16 -06:00
e84bcc29d3
hx509: Flags are unsigned
2021-12-18 11:34:12 +11:00
e515745996
hx509: private key exclusion options
...
Add two ways to exclude private keys when dealing with an hx509
certificate store. One as a load option (load no private keys, never
add private keys), one as a store option (store no private keys).
This is useful for CA code so it can have a single store with the
issuer's credentials _and_ the chain for it, and copy those to a store
with the issued certificate and _not_ accidentally include the issuer's
private key.
It would be much safer still to flip the default for this flag, but that
could break out-of-tree libhx509 dependents.
2019-12-09 18:10:10 -06:00
41fcafd20c
hx509: add hx509_certs_destroy()
2019-10-03 13:09:18 -05:00
63116100a8
hx509: do not crash on missing FILE: name
2019-10-03 13:09:18 -05:00
befe1b8f90
always load plugins with RTLD_LOCAL/RTLD_GROUP if available
2019-01-03 20:06:27 -06:00
1dd38cc3de
lib/hx509: declare and apply HX509_LIB_xxx macros
...
libhx509 is not built according to the same export and calling conventions
on Windows as the other libraries. This change declares and applies
HX509_LIB_FUNCTION, HX509_LIB_NORETURN_FUNCTION, HX509_LIB_CALL and
HX509_LIB_VARIABLE to lib/hx509.
As a result of this change the calling convention for exported functions
will be __stdcall instead of __cdecl.
Change-Id: Ibc3f05e8088030ef7d13798f1d9c9b190bc57797
2019-01-02 10:23:39 -06:00
f789d8403e
hx509: explicitly include ref/pkcs11.h
...
review comment from Nico Williams: explicitly include ref/pkcs11.h to
avoid any conflict with system PKCS#11 header
2015-12-09 11:03:48 +11:00
1d07f08351
Add ability to specifiy PKCS#11 slot number when using hx509
...
Example usage: kinit -C PKCS11:/usr/lib/opensc-pkcs11.so,slot=3 foo@BAR.TLD
2015-09-24 15:34:51 -05:00
5a4e9d1539
Fix typo
2015-07-20 10:45:06 +02:00
35a569bd83
Allow to use more than one token
...
This is needed if the first is not usable
2015-07-20 10:14:38 +02:00
1639697c97
add error codes related to User PIN
2015-07-20 10:12:50 +02:00
75a304c452
Fix typo
2015-07-20 10:08:57 +02:00
353ac10863
fix use after free
2012-11-27 21:58:04 -08:00
029de6cfa4
pass back an heim_error from hx509_cert_init
2012-10-07 06:33:13 -07:00
cc47c8fa7b
Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.
...
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer. Note that we get different
warnings on different machines and so this will be a work in
progress. So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
1. a lot of missing structure initialisers,
2. unchecked return values for functions that glibc
marks as __attribute__((warn-unused-result)),
3. made minor modifications to slc and asn1_compile
which can generate code which generates warnings,
and
4. a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g. rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
f5f9014c90
Warning fixes from Christos Zoulas
...
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
36ade8b509
hx509: Make various functions used by Samba public.
...
* hx509_cert_public_encrypt
* hx509_parse_private_key
* hx509_private_key_assign_rsa
* hx509_private_key_free
* hx509_private_key_private_decrypt
* hx509_private_key_init
* hx509_private_key2SPKI
* hx509_request_get_name
* hx509_request_get_SubjectPublicKeyInfo
* hx509_request_free
* hx509_request_init
* hx509_request_set_name
* hx509_request_set_SubjectPublicKeyInfo
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2011-02-23 19:47:28 -08:00
0d09c879f3
Reduce compiler warnings on Windows
2010-08-20 13:04:06 -04:00
2a842e90d3
Drop MD2 support
...
Patch partly from Guillaume Rousse
2010-04-28 22:10:27 +02:00
8a5799199b
Use OID variable instead of function.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25238 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:18:23 +00:00
5385679acd
cast size_t to int for "%.*s"
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25184 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:02:14 +00:00
a041ea8906
remove unused return value
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25179 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:01:15 +00:00
ff5dab4f4a
remove rcsid
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24795 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-22 23:28:18 +00:00
8d59ecffe5
don't set P11_LOGIN_DONE before we're logged in
...
fixes crash on subsequent logins
From: Guido Günther.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23858 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-22 06:32:15 +00:00
f31067f2fc
[PATCH] don't try to clean unset P11_SESSION_IN_USE
...
fixes abort()
From: Guido Günther.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23857 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-22 06:32:11 +00:00
6937d41a02
remove trailing whitespace
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
e172367898
switch to utf8 encoding of all files
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
8b628c715f
catch error from iterate_entries
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23504 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 10:00:19 +00:00
019e45aea2
Use unsigned where appropriate.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22899 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 18:52:36 +00:00
c72b88116e
make refcount slightly more sane.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22853 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 18:49:16 +00:00
5fed824f37
its vs it\'s etc. From Bjorn Sandell
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 20:04:50 +00:00
1b2bb27066
Add sha2 types.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21387 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-28 08:53:45 +00:00
f622a16e97
Add hx509_cert_init_data and use everywhere
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21085 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-13 06:39:53 +00:00
0800216d7b
Prefix rsa method with p11_
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20920 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-05 05:47:06 +00:00
afbe259df2
Update _hx509_collector_alloc prototype.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20774 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-01 22:00:08 +00:00
7971b73f40
add more mechtypes
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20672 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-05-13 06:57:21 +00:00
401751b73d
Add some more hashes.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20641 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-05-10 17:59:25 +00:00
82a45c7036
constify
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19839 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-11 09:55:09 +00:00
a905f0338c
(collect_private_key): Missing CKA_MODULUS is ok too (XXX why should
...
these be fetched given they are not used).
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19790 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 19:43:35 +00:00
80977a02f6
Factor out private key operation out of the signing, operations, support import, export, and generation of private keys. Add support for writing PEM and PKCS12 files with private keys in them.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19778 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 10:52:13 +00:00
3928ceb728
Headerfile <pkcs11.h> is now freestanding, remove pkcs11u.h.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19721 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-05 15:32:05 +00:00
59238c7f99
Remember to p11_put_session in the failure cases too.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19305 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-11 18:42:42 +00:00
fa270376d8
Pass in hx509_signature_rsa to key collector
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19300 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-09 12:18:09 +00:00
77e4ca555d
Return less EINVAL.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18876 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-24 19:57:16 +00:00
7f316a5b1e
Sprinkle more hx509_context so we can return propper errors.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18860 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-24 13:21:17 +00:00
f8bf18b7cc
(p11_list_keys): make element of search_data[0] constants and set them later
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18591 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-19 11:02:01 +00:00
ead04d2e0e
Remember to release certs.
...
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18472 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-16 09:50:49 +00:00
42ed1a9b6e
(p11_release_module): j needs to be used as inter loop index. From
...
Douglas Engert.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18406 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-11 21:14:14 +00:00
Nicolas Williams