2005-09-14  Love Hörnquist Åstrand

	* p11.c: Cast to unsigned char to avoid warning.
	* keyset.c: Register pkcs11 module.
	* Makefile.am: Add ks_p11.c, install hxtool.
	* ks_p11.c: Starting point of a pkcs11 module.

2005-09-04  Love Hörnquist Åstrand

	* lock.c: Implement prompter.
	* hxtool-commands.in: add --content to print
	* hxtool.c: Split verify and print.
	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.
	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
	for empty password.
	* name.c: Add DC, handle all Directory strings, fix signless
	problems.

2005-09-03  Love Hörnquist Åstrand

	* test_query.in: Pass in --pass to all commands.
	* hxtool.c: Use option --pass.
	* hxtool-commands.in: Add --pass to all commands.
	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER
	* test_cms.in: pass in password to cms-create-sd
	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
	later. Avoid signedness warnings with OpenSSL.
	* cms.c: Use void * instead of char * to avoid signedness issues
	* cert.c (hx509_cert_get_attribute): remove const, it's not
	* ks_p12.c: Cast size_t to unsigned long when printing.
	* name.c: Fix signedness warning.
	* test_query.in: Use echo, the function check isn't defined here.

2005-08-11  Love Hörnquist Åstrand

	* hxtool-commands.in: Add more options that were missing.

2005-07-28  Love Hörnquist Åstrand

	* test_cms.in: Use --certificate= for enveloped/unenvelope.
	* hxtool.c: Use --certificate= for enveloped/unenvelope. Clean up.
	* test_cms.in: add EnvelopeData tests
	* hxtool.c: use id-envelopedData for ContentInfo
	* hxtool-commands.in: add contentinfo wrapping for create/unwrap
	enveloped data
	* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
	data
	* data/gen-req.sh: add enveloped data (aes128)
	* crypto.c: add "new" RC2 oid

2005-07-27  Love Hörnquist Åstrand

	* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
	caller to match by function, note that this doesn't not work
	directly for backends that implement ->query, they must do their
	own processing. (I'm running out of flags, only 12 left now)
	* test_cms.in: verify ContentInfo wrapping code in hxtool
	* hxtool-commands.in (cms_create_sd): support wrapping in content
	info spelling
	* hxtool.c (cms_create_sd): support wrapping in content info
	* test_cms.in: test more cms signeddata messages
	* data/gen-req.sh: generate SignedData
	* hxtool.c (cms_create_sd): support certificate store, add support
	to unwrap a ContentInfo the SignedData inside.
	* crypto.c: sprinkle rk_UNCONST
	* crypto.c: add DER NULL to the digest oid's
	* hxtool-commands.in: add --content-info to cms-verify-sd
	* cms.c (hx509_cms_create_signed_1): pass in a full
	AlgorithmIdentifier instead of heim_oid for digest_alg
	* crypto.c: make digest_alg a digest_oid, it's not needed right now
	* hx509_err.et: add CERT_NOT_FOUND
	* keyset.c (_hx509_certs_find): add error code for cert not found
	* cms.c (hx509_cms_verify_signed): add external store of
	certificates, use the right digest algorithm identifier.
	* cert.c: fix const warning
	* ks_p12.c: slightly less verbose
	* cert.c: add hx509_cert_find_subjectAltName_otherName, add
	HX509_QUERY_MATCH_FRIENDLY_NAME
	* hx509.h: add hx509_octet_string_list, remove bad comment
	* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME
	* keyset.c (hx509_certs_append): needs a hx509_lock, add one
	* Makefile.am: add test cases tempfiles to CLEANFILES
	* Makefile.am: add test_query to TESTS, fix dependency on hxtool
	sources on hxtool-commands.h
	* hxtool-commands.in: explain what signer is for create-sd
	* hxtool.c: add query, add more options to verify-sd and create-sd
	* test_cms.in: add more cms tests
	* hxtool-commands.in: add query, add more options to verify-sd
	* test_query.in: test query interface
	* data: fix filenames for ds/ke files, add pkcs12 files, regen
	* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc

2005-07-26  Love Hörnquist Åstrand

	* cert.c (hx509_verify_destroy_ctx): add
	* hxtool.c: free hx509_verify_ctx
	* name.c (_hx509_name_ds_cmp): make sure all strings are not equal

2005-07-25  Love Hörnquist Åstrand

	* hxtool.c: return error
	* keyset.c: return errors from iterations
	* test_chain.in: clean up checks
	* ks_file.c (parse_certificate): return errno's not 1 in case of
	error
	* ks_file.c (file_iter): make sure endpointer is NULL
	* ks_mem.c (mem_iter): follow conversion and return NULL when we
	get to the end, not ENOENT.
	* Makefile.am: test_chain depends on hxtool
	* data: test certs that last 10 years
	* data/gen-req.sh: script to generate test certs
	* Makefile.am: Add regression tests.
	* data: test certificate and keys
	* test_chain.in: test chain
	* hxtool.c (cms_create_sd): add KU digitalSignature as a
	requirement to the query
	* hx_locl.h: add KeyUsage query bits
	* hx509_err.et: add KeyUsage error
	* cms.c: add checks for KeyUsage
	* cert.c: more checks on KeyUsage, allow to query on them too

2005-07-24  Love Hörnquist Åstrand

	* cms.c: Add missing break.
	* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId
	* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
	_hx509_write_file.
	* file.c (_hx509_write_file): in case of write error, return errno
	* file.c (_hx509_write_file): add a function that writes a data
	blob to disk too
	* Fix id-tags
	* Import mostly complete X.509 and CMS library. Handles PEM, DER,
	PKCS12 encoded certificates. Verifies RSA chains and handles CMS's
	SignedData and EnvelopedData.