Jeffrey Altman
12afd9c4b7
include field separators in comparison
When comparing the first component of a multi-component
string that uses a field separator (e.g., '/' or ':'), be sure
to include the separator in the comparison to ensure that the
comparison does not succeed due to a prefix match.
Change-Id: Ieec3e73cb015a83bb652ec11cd7d83e57755c3d2
2017-04-29 01:05:59 -04:00
Nicolas Williams
490337f4f9
Make OpenSSL an hcrypto backend proper
This adds a new backend for libhcrypto: the OpenSSL backend.
Now libhcrypto has these backends:
- hcrypto itself (i.e., the algorithms coded in lib/hcrypto)
- Common Crypto (OS X)
- PKCS#11 (specifically for Solaris, but not Solaris-specific)
- Windows CNG (Windows)
- OpenSSL (generic)
The ./configure --with-openssl=... option no longer disables the use of
hcrypto. Instead it enables the use of OpenSSL as a (and the default)
backend in libhcrypto. The libhcrypto framework is now always used.
OpenSSL should no longer be used directly within Heimdal, except in the
OpenSSL hcrypto backend itself, and files where elliptic curve (EC)
crypto is needed.
Because libhcrypto's EC support is incomplete, we can only use OpenSSL
for EC. Currently that means separating all EC-using code so that it
does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has
been moved out of the files it used to be in.
2016-04-15 00:16:17 -05:00
Jelmer Vernooij
70e43e9808
Fix some typos.
2014-04-25 02:42:17 +02:00
Love Hörnquist Åstrand
c69c4634ad
allow setting signature algorithm
2014-02-12 09:46:02 -08:00
Love Hornquist Astrand
bcbd477a20
support parsing PEM CRL files and printing revoke contexts
2013-04-27 12:42:12 -07:00
Roland C. Dowdeswell
67d9094665
Allow hxtool to process multiple --pk-init-principal args.
2012-04-05 20:20:19 +01:00
Roland C. Dowdeswell
cc47c8fa7b
Turn on -Wextra -Wno-sign-compare -Wno-unused-parameter and fix issues.
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer. Note that we get different
warnings on different machines and so this will be a work in
progress. So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
1. a lot of missing structure initialisers,
2. unchecked return values for functions that glibc
marks as __attribute__((warn-unused-result)),
3. made minor modifications to slc and asn1_compile
which can generate code which generates warnings,
and
4. a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g. rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Love Hornquist Astrand
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
Jeffrey Altman
6850d6a65f
avoid uninit variable and unreachable code warnings
most of these warnings are not problems because of ample
use of abort() calls. However, the large number of warnings
makes it difficult to identify real problems. Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
Love Hornquist Astrand
f5f9014c90
Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Jelmer Vernooij
36ade8b509
hx509: Make various functions used by Samba public.
* hx509_cert_public_encrypt
* hx509_parse_private_key
* hx509_private_key_assign_rsa
* hx509_private_key_free
* hx509_private_key_private_decrypt
* hx509_private_key_init
* hx509_private_key2SPKI
* hx509_request_get_name
* hx509_request_get_SubjectPublicKeyInfo
* hx509_request_free
* hx509_request_init
* hx509_request_set_name
* hx509_request_set_SubjectPublicKeyInfo
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-02-23 19:47:28 -08:00
Love Hornquist Astrand
44dfbeb596
add --no-embedded-cert and --embed-leak-only
2010-08-10 10:41:58 -07:00
Love Hornquist Astrand
cad74796e5
use hx509_certs_iter_f
2009-11-22 13:52:43 -08:00
Love Hornquist Astrand
d4e2da58cf
count certs that verify and if no verify at all, whine
2009-09-30 01:17:50 -07:00
Love Hornquist Astrand
0e762f8689
support output passphrases for copy certificate
2009-09-29 11:28:12 -07:00
Love Hornquist Astrand
92075b8825
add allow wrong oid flag, short for trust anchors
2009-09-23 00:02:46 -07:00
Love Hornquist Astrand
d7dcaae909
str unused, drop
2009-09-21 06:26:39 -07:00
Love Hornquist Astrand
9c89bf0a73
use hx509_print_cert
2009-09-21 06:23:34 -07:00
Love Hornquist Astrand
27b8565d5f
Make verifying detached signatures easier
2009-08-20 16:27:25 -07:00
Love Hornquist Astrand
62dc336bf9
Friendlier signing
2009-08-20 09:59:05 -07:00
Love Hornquist Astrand
a7b2f1460b
Allow --no-signer to work
2009-08-20 08:50:27 -07:00
Love Hornquist Astrand
c9bc9957aa
add ecdsa: hcrypto null if we are not using openssl
2009-08-14 16:21:01 +02:00
Love Hörnquist Åstrand
7df0a533ab
Use OID variable instead of function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25239 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:18:32 +00:00
Love Hörnquist Åstrand
6fcb49d88f
ignore failure when --never-fail flag is passed in
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25223 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-25 23:43:47 +00:00
Love Hörnquist Åstrand
213f234111
use flags to hx509_cms_envelope_1
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25207 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-09 14:22:16 +00:00
Love Hörnquist Åstrand
f7a8d0bc32
add allow weak crypto flag
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24960 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-26 23:12:35 +00:00
Love Hörnquist Åstrand
471260363f
catch errors
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24861 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:31:31 +00:00
Love Hörnquist Åstrand
ff5dab4f4a
remove rcsid
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24795 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-22 23:28:18 +00:00
Love Hörnquist Åstrand
1ea672676b
ECDSA_METHOD-not-export if openssl
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24702 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:13:48 +00:00
Love Hörnquist Åstrand
fead259d5d
use hx509_err
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24659 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-09 17:15:52 +00:00
Love Hörnquist Åstrand
27ca60fe93
Change prototype of hx509_certs_filter().
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24611 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:09:41 +00:00
Love Hörnquist Åstrand
d45c54a7f9
spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24588 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:05:51 +00:00
Love Hörnquist Åstrand
2e00892ffd
handle unsigned signeddata
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24585 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:05:20 +00:00
Love Hörnquist Åstrand
f0214c8843
use hx509_cms_create_signed to create signed data
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24579 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:04:18 +00:00
Love Hörnquist Åstrand
131b3d34f5
add flag to hx509_cms_verify_signed
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24199 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-15 04:32:00 +00:00
Love Hörnquist Åstrand
1cfff7cc93
check for failures, cid#160
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24152 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:08:37 +00:00
Love Hörnquist Åstrand
1db27e217e
check for failures for hex_encode, cid#159
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24151 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:08:26 +00:00
Love Hörnquist Åstrand
6937d41a02
remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898
switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
6ff91f7f31
check return value
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23662 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-25 02:30:36 +00:00
Love Hörnquist Åstrand
225a6e45af
catch error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23512 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 10:01:02 +00:00
Love Hörnquist Åstrand
ba8498ce09
catch error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23509 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 10:00:47 +00:00
Love Hörnquist Åstrand
9365904540
Catch hx509_certs_init() to fail.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23491 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 09:58:51 +00:00
Love Hörnquist Åstrand
b1f885befe
use rk_undumpdata, spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23413 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-26 18:34:53 +00:00
Love Hörnquist Åstrand
bde1d0fe9c
Break out print_eval_types().
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23346 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-14 14:53:51 +00:00
Love Hörnquist Åstrand
f1157b67d7
can't do --self-signed and --request at the same time.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23345 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-14 13:43:50 +00:00
Love Hörnquist Åstrand
58acbe046a
Make cert types more dynamic and provide help string.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23343 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-14 13:42:15 +00:00
Love Hörnquist Åstrand
cb61e8d474
drop time_now, its part of the verify context.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23267 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 03:23:38 +00:00
Love Hörnquist Åstrand
7776ed30a9
Add language to support querying certificates to find a match. Support constructs like "1.3.6.1.5.2.3.5" IN %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE"".
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22677 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-13 17:35:49 +00:00
Love Hörnquist Åstrand
35a3b73c9c
Support verifying PEM signature files.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22651 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-02-26 12:28:23 +00:00