oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,368 Commits 2 Branches 2 Tags
3f36b4ad6815e2e5ebda61d1b5130e979166872b
Commit Graph

1949 Commits

Author SHA1 Message Date
Nicolas Williams
3e65dfbc32 Fix make dist missing files (#228) 2016-12-15 12:15:56 -06:00
Viktor Dukhovni
3657f23a9e Fix more doxygen bitrot 2016-12-15 04:28:21 -05:00
Nicolas Williams
2ebec2e4ec Fix some Doxygen warnings 2016-12-14 22:05:46 -06:00
Nicolas Williams
3ba12317a0 Misc fixes (coverity) 2016-11-28 15:09:55 -06:00
Nicolas Williams
943e76f99b Fix leak in hx509_general_name_unparse() 2016-11-20 17:43:51 -06:00
Nicolas Williams
52a562a3a4 Misc fixes (coverity) 2016-11-18 22:21:45 -06:00
Nicolas Williams
1c81ddf4e2 Round #2 of scan-build warnings cleanup 2016-11-16 17:03:14 -06:00
Nicolas Williams
953dc07391 Round #1 of scan-build warnings cleanup 2016-11-15 21:27:20 -06:00
Ed Maste
8ef0071d96 Remove duplicate symbols from libhx509 version-script.map 
Commit 7758a5d0 (r21331) added semiprivate function
_hx509_request_to_pkcs10 twice.
 2016-07-21 14:39:37 -04:00
Viktor Dukhovni
1017a594ef Use OpenSSL include path as needed 
For consistency make "-I" part of the macro value set by autoconf.

For now, don't attempt to handle OpenSSL rpath in cf/crypto.m4.
That's much easier by just setting LDFLAGS when running configure.
Otherwise too many Makefiles to edit and libtool and automake do
their best to undo the rpath.
 2016-05-07 05:29:12 -04:00
Viktor Dukhovni
131c8dd30e Export new ASN1 oid symbols and fix build 
We added some new OID symbols in libasn1, make them public.

When an older Heimdal is already installed and its libraries don't
have some newly created symbols we run into build or test problems,
if libtool decides to use installed rather than just-built libraries.
This was happening with a few of test programs in libhx509.  Fixed.
 2016-05-06 21:09:03 -04:00
Viktor Dukhovni
8078e089f1 Add support for ECDSA w/ SHA-2 signature algs 2016-04-15 10:32:50 -05:00
Nicolas Williams
490337f4f9 Make OpenSSL an hcrypto backend proper 
This adds a new backend for libhcrypto: the OpenSSL backend.

Now libhcrypto has these backends:

 - hcrypto itself (i.e., the algorithms coded in lib/hcrypto)
 - Common Crypto (OS X)
 - PKCS#11 (specifically for Solaris, but not Solaris-specific)
 - Windows CNG (Windows)
 - OpenSSL (generic)

The ./configure --with-openssl=... option no longer disables the use of
hcrypto.  Instead it enables the use of OpenSSL as a (and the default)
backend in libhcrypto.  The libhcrypto framework is now always used.

OpenSSL should no longer be used directly within Heimdal, except in the
OpenSSL hcrypto backend itself, and files where elliptic curve (EC)
crypto is needed.

Because libhcrypto's EC support is incomplete, we can only use OpenSSL
for EC.  Currently that means separating all EC-using code so that it
does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has
been moved out of the files it used to be in.
 2016-04-15 00:16:17 -05:00
Nicolas Williams
9df88205ba Fix double-free in lib/hx509/crypto.c 2016-04-15 00:16:16 -05:00
Nicolas Williams
97425a44a2 hx509/crypto.c: fix invalid pointer deref 2016-02-29 19:13:11 -06:00
Luke Howard
f789d8403e hx509: explicitly include ref/pkcs11.h 
review comment from Nico Williams: explicitly include ref/pkcs11.h to
avoid any conflict with system PKCS#11 header
 2015-12-09 11:03:48 +11:00
Luke Howard
ed3e748c75 hx509: update to newer PKCS#11 header 
newer PKCS#11 reference header file, sourced from SoftHSM
 2015-12-09 10:59:08 +11:00
Timothy Pearson
042b1ee7cb Do not crash if private key not found 2015-09-24 15:48:14 -05:00
Timothy Pearson
1d07f08351 Add ability to specifiy PKCS#11 slot number when using hx509 
Example usage: kinit -C PKCS11:/usr/lib/opensc-pkcs11.so,slot=3 foo@BAR.TLD
 2015-09-24 15:34:51 -05:00
HenryJacques
5a4e9d1539 Fix typo 2015-07-20 10:45:06 +02:00
HenryJacques
35a569bd83 Allow to use more than one token 
This is needed if the first is not usable
 2015-07-20 10:14:38 +02:00
HenryJacques
1639697c97 add error codes related to User PIN 2015-07-20 10:12:50 +02:00
HenryJacques
75a304c452 Fix typo 2015-07-20 10:08:57 +02:00
HenryJacques
5cf302def7 Add new error codes related to PIN 
Not all error codes have been added, only the most common ones.
 2015-07-20 10:07:08 +02:00
Love Hörnquist Åstrand
a26007cebc (keychain_init): free ctx on error 2015-04-18 17:08:09 -07:00
Viktor Dukhovni
745eeb1252 Ensure DER form of hxtool ca random serial numbers 2015-03-05 03:57:30 -05:00
Viktor Dukhovni
b7ca6bbc7a Revert "make sure that serial number is valid DER when done ..." 
A simpler fix will be the next commit.

This reverts commit 35add96d37.
 2015-03-05 03:56:04 -05:00
Love Hörnquist Åstrand
35add96d37 make sure that serial number is valid DER when done (found by Viktor Dukhovni) 2015-03-05 00:26:03 -08:00
Viktor Dukhovni
ba39f42b81 TBS vs Certificate sigalg consistency for RSA 2015-03-04 19:51:11 -05:00
Love Hörnquist Åstrand
30768c75bb make quiet 2014-08-22 21:25:01 -07:00
Love Hörnquist Åstrand
37afa01be3 rename roken base64, fixes #107 2014-08-22 20:57:24 -07:00
Jelmer Vernooij
70e43e9808 Fix some typos. 2014-04-25 02:42:17 +02:00
Jelmer Vernooij
c5e8e049cb Fix some typos. 2014-04-23 03:05:23 +02:00
Jelmer Vernooij
cc495fd78d Avoid breaking symbol names for all previously present functions. 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
 2014-03-24 22:45:13 -05:00
Viktor Dukhovni
46e0bd3c68 Use P-256 for EC tests 
Fedora/RedHat OpenSSL supports only P-256, P-384 and P-521.

The new mkcert.sh script can create updated certs when these
expire on Jan 17th 2038.
 2014-03-12 21:18:03 -04:00
Jeffrey Altman
f3d9d4119e export hx509_ca_tbs_set_signature_algorithm 
hx509_ca_tbs_set_signature_algorithm was added by commit
c69c4634ad.  It must be exported
for use by hxtool on Windows.

Change-Id: I14b927abde96814ae2e0a90f232ab00915a9f29e
 2014-02-16 21:01:57 -05:00
Love Hörnquist Åstrand
dbf523a15d clean files 2014-02-16 11:52:22 -08:00
Love Hörnquist Åstrand
762a72d650 use noinst_HEADERS for hx509-private.h 2014-02-16 09:15:48 -08:00
Love Hörnquist Åstrand
cae2e6f168 include hx509-private.h 2014-02-16 09:15:39 -08:00
Love Hörnquist Åstrand
c69c4634ad allow setting signature algorithm 2014-02-12 09:46:02 -08:00
Jelmer Vernooij
906922b990 Include heimbase.h in hx509.h; required for heim_err_t. 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2013-11-20 00:42:26 +00:00
Love Hornquist Astrand
7439cb7c54 check the EE if its a proxy certificate and fail up front 2013-10-21 08:43:24 -07:00
Nicolas Williams
704a8a1d37 Don't use %zu 
Eventually we'll need to make sure that a) libroken's stdint.h defines
the max integer types, b) the libroken *printf()s can handle all the
standard length and conversion specifiers.
 2013-10-04 18:58:31 -04:00
Love Hornquist Astrand
dba64ce7f5 Increment array when comparing, from Harald Barth 2013-09-30 21:15:35 -07:00
Jeffrey Altman
ab72ccbab3 Export missing asn1 and hx509 functions on Windows 
der_copy_unsigned64
der_free_unsigned64
der_get_integer64
encode_KDCFastCookie
encode_KDCFastState
free_KDCFastCookie
free_KDCFastState
hx509_revoke_print

Change-Id: I29d96705d1ac811109719b6358dc0932c72e8df8
 2013-06-22 21:17:16 -04:00
Love Hornquist Astrand
4e44171a28 cast away enum warnings 2013-06-03 22:05:09 -07:00
Love Hornquist Astrand
80fe143874 remove deprected warnings until we can move to non deprecated api 2013-06-03 22:03:20 -07:00
Love Hornquist Astrand
ebe9b82b8d Fix warning (from Victor) 2013-06-03 21:56:34 -07:00
Love Hornquist Astrand
060474df16 quel 64bit warnings, fixup implicit encoding for template, fix spelling 2013-06-03 21:46:20 -07:00
Patrik Lundin
0ff637618e add version print 2013-05-01 13:46:35 -07:00