2005-08-11 Love Hörnquist Åstrand * hxtool-commands.in: Add more options that was missing. 2005-07-28 Love Hörnquist Åstrand * test_cms.in: Use --certificate= for enveloped/unenvelope. * hxtool.c: Use --certificate= for enveloped/unenvelope. Clean up. * test_cms.in: add EnvelopeData tests * hxtool.c: use id-envelopedData for ContentInfo * hxtool-commands.in: add contentinfo wrapping for create/unwrap enveloped data * hxtool.c: add contentinfo wrapping for create/unwrap enveloped data * data/gen-req.sh: add enveloped data (aes128) * crypto.c: add "new" RC2 oid 2005-07-27 Love Hörnquist Åstrand * hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows caller to match by function, note that this doesn't not work directly for backends that implements ->query, they must do their own processing. (I'm running out of flags, only 12 left now) * test_cms.in: verify ContentInfo wrapping code in hxtool * hxtool-commands.in (cms_create_sd): support wrapping in content info spelling * hxtool.c (cms_create_sd): support wrapping in content info * test_cms.in: test more cms signeddata messages * data/gen-req.sh: generate SignedData * hxtool.c (cms_create_sd): support certificate store, add support to unwrap a ContentInfo the SignedData inside. * crypto.c: sprinkel rk_UNCONST * crypto.c: add DER NULL to the digest oid's * hxtool-commands.in: add --content-info to cms-verify-sd * cms.c (hx509_cms_create_signed_1): pass in a full AlgorithmIdentifier instead of heim_oid for digest_alg * crypto.c: make digest_alg a digest_oid, it's not needed right now * hx509_err.et: add CERT_NOT_FOUND * keyset.c (_hx509_certs_find): add error code for cert not found * cms.c (hx509_cms_verify_signed): add external store of certificates, use the right digest algorithm identifier. * cert.c: fix const warning * ks_p12.c: slightly less verbose * cert.c: add hx509_cert_find_subjectAltName_otherName, add HX509_QUERY_MATCH_FRIENDLY_NAME * hx509.h: add hx509_octet_string_list, remove bad comment * hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME * keyset.c (hx509_certs_append): needs a hx509_lock, add one * Makefile.am: add test cases tempfiles to CLEANFILES * Makefile.am: add test_query to TESTS, fix dependency on hxtool sources on hxtool-commands.h * hxtool-commands.in: explain what signer is for create-sd * hxtool.c: add query, add more options to verify-sd and create-sd * test_cms.in: add more cms tests * hxtool-commands.in: add query, add more options to verify-sd * test_query.in: test query interface * data: fix filenames for ds/ke files, add pkcs12 files, regen * hxtool.c,Makefile.am,hxtool-commands.in: switch to slc 2005-07-26 Love Hörnquist Åstrand * cert.c (hx509_verify_destroy_ctx): add * hxtool.c: free hx509_verify_ctx * name.c (_hx509_name_ds_cmp): make sure all strings are not equal 2005-07-25 Love Hörnquist Åstrand * hxtool.c: return error * keyset.c: return errors from iterations * test_chain.in: clean up checks * ks_file.c (parse_certificate): return errno's not 1 in case of error * ks_file.c (file_iter): make sure endpointer is NULL * ks_mem.c (mem_iter): follow conversion and return NULL when we get to the end, not ENOENT. * Makefile.am: test_chain depends on hxtool * data: test certs that lasts 10 years * data/gen-req.sh: script to generate test certs * Makefile.am: Add regression tests. * data: test certificate and keys * test_chain.in: test chain * hxtool.c (cms_create_sd): add KU digitalSigature as a requirement to the query * hx_locl.h: add KeyUsage query bits * hx509_err.et: add KeyUsage error * cms.c: add checks for KeyUsage * cert.c: more checks on KeyUsage, allow to query on them too 2005-07-24 Love Hörnquist Åstrand * cms.c: Add missing break. * hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId * hxtool.c: Use _hx509_map_file, _hx509_unmap_file and _hx509_write_file. * file.c (_hx509_write_file): in case of write error, return errno * file.c (_hx509_write_file): add a function that write a data blob to disk too * Fix id-tags * Import mostly complete X.509 and CMS library. Handles, PEM, DER, PKCS12 encoded certicates. Verificate RSA chains and handled CMS's SignedData, and EnvelopedData.