83 Commits

Author SHA1 Message Date
Nicolas Williams
e515745996 hx509: private key exclusion options
Add two ways to exclude private keys when dealing with an hx509
certificate store.  One as a load option (load no private keys, never
add private keys), one as a store option (store no private keys).

This is useful for CA code so it can have a single store with the
issuer's credentials _and_ the chain for it, and copy those to a store
with the issued certificate and _not_ accidentally include the issuer's
private key.

It would be much safer still to flip the default for this flag, but that
could break out-of-tree libhx509 dependents.
2019-12-09 18:10:10 -06:00
Nicolas Williams
41fcafd20c hx509: add hx509_certs_destroy() 2019-10-03 13:09:18 -05:00
Nicolas Williams
63116100a8 hx509: do not crash on missing FILE: name 2019-10-03 13:09:18 -05:00
Luke Howard
befe1b8f90 always load plugins with RTLD_LOCAL/RTLD_GROUP if available 2019-01-03 20:06:27 -06:00
Jeffrey Altman
1dd38cc3de lib/hx509: declare and apply HX509_LIB_xxx macros
libhx509 is not built according to the same export and calling conventions
on Windows as the other libraries.  This change declares and applies
HX509_LIB_FUNCTION, HX509_LIB_NORETURN_FUNCTION, HX509_LIB_CALL and
HX509_LIB_VARIABLE to lib/hx509.

As a result of this change the calling convention for exported functions
will be __stdcall instead of __cdecl.

Change-Id: Ibc3f05e8088030ef7d13798f1d9c9b190bc57797
2019-01-02 10:23:39 -06:00
Luke Howard
f789d8403e hx509: explicitly include ref/pkcs11.h
review comment from Nico Williams: explicitly include ref/pkcs11.h to
avoid any conflict with system PKCS#11 header
2015-12-09 11:03:48 +11:00
Timothy Pearson
1d07f08351 Add ability to specify PKCS#11 slot number when using hx509
Example usage: kinit -C PKCS11:/usr/lib/opensc-pkcs11.so,slot=3 foo@BAR.TLD
2015-09-24 15:34:51 -05:00
HenryJacques
5a4e9d1539 Fix typo 2015-07-20 10:45:06 +02:00
HenryJacques
35a569bd83 Allow to use more than one token
This is needed if the first is not usable
2015-07-20 10:14:38 +02:00
HenryJacques
1639697c97 add error codes related to User PIN 2015-07-20 10:12:50 +02:00
HenryJacques
75a304c452 Fix typo 2015-07-20 10:08:57 +02:00
Love Hornquist Astrand
353ac10863 fix use after free 2012-11-27 21:58:04 -08:00
Love Hornquist Astrand
029de6cfa4 pass back an heim_error from hx509_cert_init 2012-10-07 06:33:13 -07:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-parameter and fix issues.
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Jelmer Vernooij
36ade8b509 hx509: Make various functions used by Samba public.
* hx509_cert_public_encrypt
* hx509_parse_private_key
* hx509_private_key_assign_rsa
* hx509_private_key_free
* hx509_private_key_private_decrypt
* hx509_private_key_init
* hx509_private_key2SPKI
* hx509_request_get_name
* hx509_request_get_SubjectPublicKeyInfo
* hx509_request_free
* hx509_request_init
* hx509_request_set_name
* hx509_request_set_SubjectPublicKeyInfo

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-02-23 19:47:28 -08:00
Asanka Herath
0d09c879f3 Reduce compiler warnings on Windows 2010-08-20 13:04:06 -04:00
Love Hornquist Astrand
2a842e90d3 Drop MD2 support
Patch partly from Guillaume Rousse
2010-04-28 22:10:27 +02:00
Love Hörnquist Åstrand
8a5799199b Use OID variable instead of function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25238 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:18:23 +00:00
Love Hörnquist Åstrand
5385679acd cast size_t to int for "%.*s"
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25184 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:02:14 +00:00
Love Hörnquist Åstrand
a041ea8906 remove unused return value
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25179 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:01:15 +00:00
Love Hörnquist Åstrand
ff5dab4f4a remove rcsid
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24795 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-22 23:28:18 +00:00
Love Hörnquist Åstrand
8d59ecffe5 don't set P11_LOGIN_DONE before we're logged in
fixes crash on subsequent logins

From: Guido Günther.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23858 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-22 06:32:15 +00:00
Love Hörnquist Åstrand
f31067f2fc [PATCH] don't try to clean unset P11_SESSION_IN_USE
fixes abort()

From: Guido Günther.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23857 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-22 06:32:11 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
8b628c715f catch error from iterate_entries
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23504 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 10:00:19 +00:00
Love Hörnquist Åstrand
019e45aea2 Use unsigned where appropriate.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22899 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 18:52:36 +00:00
Love Hörnquist Åstrand
c72b88116e make refcount slightly more sane.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22853 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 18:49:16 +00:00
Love Hörnquist Åstrand
5fed824f37 its vs it's etc. From Bjorn Sandell
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 20:04:50 +00:00
Love Hörnquist Åstrand
1b2bb27066 Add sha2 types.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21387 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-28 08:53:45 +00:00
Love Hörnquist Åstrand
f622a16e97 Add hx509_cert_init_data and use everywhere
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21085 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-13 06:39:53 +00:00
Love Hörnquist Åstrand
0800216d7b Prefix rsa method with p11_
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20920 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-05 05:47:06 +00:00
Love Hörnquist Åstrand
afbe259df2 Update _hx509_collector_alloc prototype.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20774 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-01 22:00:08 +00:00
Love Hörnquist Åstrand
7971b73f40 add more mechtypes
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20672 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-05-13 06:57:21 +00:00
Love Hörnquist Åstrand
401751b73d Add some more hashes.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20641 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-05-10 17:59:25 +00:00
Love Hörnquist Åstrand
82a45c7036 constify
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19839 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-11 09:55:09 +00:00
Love Hörnquist Åstrand
a905f0338c (collect_private_key): Missing CKA_MODULUS is ok too (XXX why should
these be fetched given they are not used).


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19790 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 19:43:35 +00:00
Love Hörnquist Åstrand
80977a02f6 Factor out private key operation out of the signing, operations, support import, export, and generation of private keys. Add support for writing PEM and PKCS12 files with private keys in them.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19778 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 10:52:13 +00:00
Love Hörnquist Åstrand
3928ceb728 Headerfile <pkcs11.h> is now freestanding, remove pkcs11u.h.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19721 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-05 15:32:05 +00:00
Love Hörnquist Åstrand
59238c7f99 Remember to p11_put_session in the failure cases too.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19305 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-11 18:42:42 +00:00
Love Hörnquist Åstrand
fa270376d8 Pass in hx509_signature_rsa to key collector
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19300 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-09 12:18:09 +00:00
Love Hörnquist Åstrand
77e4ca555d Return less EINVAL.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18876 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-24 19:57:16 +00:00
Love Hörnquist Åstrand
7f316a5b1e Sprinkle more hx509_context so we can return proper errors.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18860 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-24 13:21:17 +00:00
Love Hörnquist Åstrand
f8bf18b7cc (p11_list_keys): make element of search_data[0] constants and set them later
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18591 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-19 11:02:01 +00:00
Love Hörnquist Åstrand
ead04d2e0e Remember to release certs.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18472 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-16 09:50:49 +00:00
Love Hörnquist Åstrand
42ed1a9b6e (p11_release_module): j needs to be used as inter loop index. From
Douglas Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18406 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-11 21:14:14 +00:00
Love Hörnquist Åstrand
e22334b717 Return HX509_PKCS11_NO_SLOT when there are no slots and
HX509_PKCS11_NO_TOKEN when there is no token. For use in PAM modules
that want to detect when to use smartcard login and when not
to. Patch based on code from Douglas Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18348 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-08 13:40:46 +00:00
Love Hörnquist Åstrand
dce4b55512 Fix double frees, NULL ptr de-reference, and conform better to pkcs11.
From Douglas Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18187 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-01 18:05:05 +00:00