Jeffrey Altman 
							
						 
					 
					
						
						
							
						
						363bc7d983 
					 
					
						
						
							
							handle negative return values  
						
						
						
						
						do not pass negative values to malloc
do not pass negative values to strerror
do not pass negative values to ftruncate
do not pass negative values to fclose
Change-Id: I79ebef4e22edd14343ebeebb2ef8308785064fe8 
						
						
					 
					
						2022-01-16 00:48:09 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						e23bc7d53d 
					 
					
						
						
							
							hx509: Fix warnings and leaks  
						
						
						
						
					 
					
						2022-01-14 12:42:52 -06:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						718e3f8b68 
					 
					
						
						
							
							hx509: correct ASN.1 OID typo for SHA-384  
						
						
						
						
						A copy and paste error initialized the SHA-384 structure in libhx509
with the OID for SHA-512.
Fixes: 776 
						
						
					 
					
						2021-05-19 14:41:03 +10:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						5a0d85e423 
					 
					
						
						
							
							hx509: Add PKCS#8 private key format option  
						
						
						
						
					 
					
						2019-10-03 13:09:18 -05:00 
						 
				 
			
				
					
						
							
							
								Jeffrey Altman 
							
						 
					 
					
						
						
							
						
						1dd38cc3de 
					 
					
						
						
							
							lib/hx509: declare and apply HX509_LIB_xxx macros  
						
						
						
						
						libhx509 is not built according to the same export and calling conventions
on Windows as the other libraries.  This change declares and applies
HX509_LIB_FUNCTION, HX509_LIB_NORETURN_FUNCTION, HX509_LIB_CALL and
HX509_LIB_VARIABLE to lib/hx509.

As a result of this change the calling convention for exported functions
will be __stdcall instead of __cdecl.

Change-Id: Ibc3f05e8088030ef7d13798f1d9c9b190bc57797
						
						
					 
					
						2019-01-02 10:23:39 -06:00 
						 
				 
			
				
					
						
							
							
								Viktor Dukhovni 
							
						 
					 
					
						
						
							
						
						8078e089f1 
					 
					
						
						
							
							Add support for ECDSA w/ SHA-2 signature algs  
						
						
						
						
					 
					
						2016-04-15 10:32:50 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						490337f4f9 
					 
					
						
						
							
							Make OpenSSL an hcrypto backend proper  
						
						
						
						
						This adds a new backend for libhcrypto: the OpenSSL backend.

Now libhcrypto has these backends:

 - hcrypto itself (i.e., the algorithms coded in lib/hcrypto)
 - Common Crypto (OS X)
 - PKCS#11 (specifically for Solaris, but not Solaris-specific)
 - Windows CNG (Windows)
 - OpenSSL (generic)

The ./configure --with-openssl=... option no longer disables the use of
hcrypto.  Instead it enables the use of OpenSSL as a (and the default)
backend in libhcrypto.  The libhcrypto framework is now always used.

OpenSSL should no longer be used directly within Heimdal, except in the
OpenSSL hcrypto backend itself, and files where elliptic curve (EC)
crypto is needed.

Because libhcrypto's EC support is incomplete, we can only use OpenSSL
for EC.  Currently that means separating all EC-using code so that it
does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has
been moved out of the files it used to be in.
						
						
					 
					
						2016-04-15 00:16:17 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						9df88205ba 
					 
					
						
						
							
							Fix double-free in lib/hx509/crypto.c  
						
						
						
						
					 
					
						2016-04-15 00:16:16 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						97425a44a2 
					 
					
						
						
							
							hx509/crypto.c: fix invalid pointer deref  
						
						
						
						
					 
					
						2016-02-29 19:13:11 -06:00 
						 
				 
			
				
					
						
							
							
								Timothy Pearson 
							
						 
					 
					
						
						
							
						
						042b1ee7cb 
					 
					
						
						
							
							Do not crash if private key not found  
						
						
						
						
					 
					
						2015-09-24 15:48:14 -05:00 
						 
				 
			
				
					
						
							
							
								Viktor Dukhovni 
							
						 
					 
					
						
						
							
						
						ba39f42b81 
					 
					
						
						
							
							TBS vs Certificate sigalg consistency for RSA  
						
						
						
						
					 
					
						2015-03-04 19:51:11 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						060474df16 
					 
					
						
						
							
							quell 64bit warnings, fixup implicit encoding for template, fix spelling
						
						
						
						
					 
					
						2013-06-03 21:46:20 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						846f6e0e7b 
					 
					
						
						
							
							always produce a signature that is the size of the modulus  
						
						
						
						
					 
					
						2012-09-11 20:45:43 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						671c91fd5f 
					 
					
						
						
							
							just mark sig algs as weak instead of expiration date  
						
						
						
						
					 
					
						2012-06-08 18:08:23 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0879b9831a 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-21 11:57:31 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f5f9014c90 
					 
					
						
						
							
							Warning fixes from Christos Zoulas  
						
						
						
						
						- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code 
						
						
					 
					
						2011-04-29 20:25:05 -07:00 
						 
				 
			
				
					
						
							
							
								Jelmer Vernooij 
							
						 
					 
					
						
						
							
						
						36ade8b509 
					 
					
						
						
							
							hx509: Make various functions used by Samba public.  
						
						
						
						
						* hx509_cert_public_encrypt
* hx509_parse_private_key
* hx509_private_key_assign_rsa
* hx509_private_key_free
* hx509_private_key_private_decrypt
* hx509_private_key_init
* hx509_private_key2SPKI
* hx509_request_get_name
* hx509_request_get_SubjectPublicKeyInfo
* hx509_request_free
* hx509_request_init
* hx509_request_set_name
* hx509_request_set_SubjectPublicKeyInfo
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
						
						
					 
					
						2011-02-23 19:47:28 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						49ca1a40fa 
					 
					
						
						
							
							export hx509_find_private_alg  
						
						
						
						
					 
					
						2011-01-12 17:49:12 +01:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						48ad3e1e65 
					 
					
						
						
							
							add import/export type for private keys  
						
						
						
						
					 
					
						2010-10-03 16:32:01 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dfc54c6eea 
					 
					
						
						
							
							now that we use 2k rsa keys, don't make ca keys twice as large
						
						
						
						
					 
					
						2010-10-03 14:59:43 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						97390e087d 
					 
					
						
						
							
							default to 2k rsa keys, for performance reasons you might want to generate 1k rsa keys though  
						
						
						
						
					 
					
						2010-10-03 14:58:18 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3128a7a416 
					 
					
						
						
							
							SHA384  
						
						
						
						
					 
					
						2010-09-30 18:36:58 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9dbcb98f84 
					 
					
						
						
							
							clue in sha512 in rsa signature  
						
						
						
						
					 
					
						2010-09-30 01:00:42 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6699b5e59a 
					 
					
						
						
							
							get padding size right  
						
						
						
						
					 
					
						2010-09-30 00:20:52 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						42727fc891 
					 
					
						
						
							
							glue in sha512
						
						
						
						
					 
					
						2010-09-30 00:18:03 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						07e7cdd4f0 
					 
					
						
						
							
							Support PADDING_NONE for encryption too  
						
						
						
						
					 
					
						2010-09-23 11:11:00 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						74e46d59c1 
					 
					
						
						
							
							add back hx509_crypto_allow_weak  
						
						
						
						
					 
					
						2010-09-22 15:00:13 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6f328a9194 
					 
					
						
						
							
							add padding support via hx509_crypto_set_padding  
						
						
						
						
					 
					
						2010-09-22 14:41:17 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5dc765aa16 
					 
					
						
						
							
							use uppercase OID def  
						
						
						
						
					 
					
						2010-08-08 17:02:48 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						d79063ee9f 
					 
					
						
						
							
							add id-secsig-sha-1WithRSAEncryption  
						
						
						
						
					 
					
						2010-08-08 15:49:49 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2a842e90d3 
					 
					
						
						
							
							Drop MD2 support  
						
						
						
						
						Patch partly from Guillaume Rousse 
						
						
					 
					
						2010-04-28 22:10:27 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						e57bd85101 
					 
					
						
						
							
							spelling  
						
						
						
						
					 
					
						2010-03-10 20:05:31 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a059a70746 
					 
					
						
						
							
							Only accept self-signed certs within chains for strong hash types  
						
						
						
						
					 
					
						2009-11-25 05:03:16 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						e538b1e84b 
					 
					
						
						
							
							simplify, make sure length is set properly  
						
						
						
						
					 
					
						2009-09-19 12:57:30 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						26aefa1853 
					 
					
						
						
							
							Don't free rsa (NULL) on failure to parse key  
						
						
						
						
					 
					
						2009-09-19 12:35:27 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9f5d22b98a 
					 
					
						
						
							
							define and use d2i_RSAPublicKey  
						
						
						
						
					 
					
						2009-08-21 18:57:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						72e306c7e3 
					 
					
						
						
							
							Push cert down deeper into the stack
						
						
						
						
					 
					
						2009-08-21 18:34:21 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						03cb3aa56b 
					 
					
						
						
							
							use EVP_MD_CTX_create  
						
						
						
						
					 
					
						2009-08-20 17:13:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0bb8ad20d3 
					 
					
						
						
							
							Use EVP for digest signatures  
						
						
						
						
					 
					
						2009-08-15 14:24:00 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						4c302b52f8 
					 
					
						
						
							
							remove unused type  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25285 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-06-17 18:10:59 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						357a115f65 
					 
					
						
						
							
							Use OID variable instead of function.  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25248 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-28 01:20:06 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						c8e9f23dc4 
					 
					
						
						
							
							Use OID variable instead of function.  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25243 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-28 01:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						2e992827d9 
					 
					
						
						
							
							remove unused variable, set ret before use  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25227 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-25 23:44:29 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6dc1f7bb98 
					 
					
						
						
							
							Support parsing keys that have the group parameter included in the
						
						
						
						
						EC_PrivateKey block. PKCS8's -- PRIVATE KEY -- vs PEM's -- EC PRIVATE KEY --
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25221 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-25 23:43:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b2fe5bd2a0 
					 
					
						
						
							
							handle EC private keys for real  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25218 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-25 23:42:45 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						a1b70e2edc 
					 
					
						
						
							
							better error handling  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25193 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-06 19:04:02 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						c4c71cc41a 
					 
					
						
						
							
							switch to sha256  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24958 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-26 23:12:13 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						37e726c136 
					 
					
						
						
							
							wrap more EC stuff in HAVE_OPENSSL  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24925 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-22 17:24:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						3ba1f9ab68 
					 
					
						
						
							
							remove dup return  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24822 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-27 03:24:57 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						a196e330ac 
					 
					
						
						
							
							allow weak in PBE_string2key  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24821 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-27 03:24:38 +00:00