
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16477 ec53bebd-3082-4978-b11e-865c3cabbd6b
358 lines
9.4 KiB
Plaintext
2006-01-04 Love Hörnquist Åstrand <lha@it.su.se>

	* add a hx509_context where we can store configuration

	* p11.c,Makefile.am: pkcs11 is now supported by library, remove
	old files.

	* ks_p11.c: more paranoid on refcount, set refcounter earlier,
	reset pointers after free

	* collector.c (struct private_key): remove temporary key data
	storage, convert directly to a key
	(match_localkeyid): match certificate and key using localkeyid
	(match_keys): match certificate and key using _hx509_match_keys
	(_hx509_collector_collect): rewrite to use match_keys and
	match_localkeyid

	* crypto.c (_hx509_match_keys): function that determines if a
	private key matches a certificate, used when there is no
	localkeyid.
	(*) reset free pointer

	* ks_file.c: Rewrite to use collector and mapping support
	function.

	* ks_p11.c (rsa_pkcs1_method): constify

	* ks_p11.c: drop extra wrapping of p11_init

	* crypto.c (_hx509_private_key_assign_key_file): use function to
	extract rsa key

	* cert.c: Revert previous, refcounter is unsigned, so it can never
	be negative.

	* cert.c (hx509_cert_ref): more refcount paranoia

	* ks_p11.c: Implement rsa_private_decrypt and add stubs for public
	ditto.

	* ks_p11.c: Less printf, less memory leaks.

	* ks_p11.c: Implement signing using pkcs11.

	* ks_p11.c: Partly assign private key, enough to complete
	collection, but not any crypto functionality.

	* collector.c: Use hx509_private_key to assign private keys.

	* crypto.c: Remove most of the EVP_PKEY code, and use RSA
	directly, this temporarily removes DSA support.

	* hxtool.c (print_f): print if there is a friendly name and if
	there is a private key

2006-01-03 Love Hörnquist Åstrand <lha@it.su.se>

	* name.c: Avoid warning from missing __attribute__((noreturn))

	* lock.c (_hx509_lock_unlock_certs): return unlock certificates

	* crypto.c (_hx509_private_key_assign_ptr): new function, exposes
	EVP_PKEY
	(_hx509_private_key_assign_key_file): remember to free private key
	if there is one.

	* cert.c (_hx509_abort): add newline to output and flush stdout

	* Makefile.am: libhx509_la_SOURCES += collector.c

	* hx_locl.h: forward type declaration of struct hx509_collector.

	* collector.c: Support functions to collect certificates and
	private keys and then match them.

	* ks_p12.c: Use the new hx509_collector support functions.

	* ks_p11.c: Add enough glue to support certificate iteration.

	* test_nist_pkcs12.in: Less verbose.

	* cert.c (hx509_cert_free): if there is a private key associated
	with this cert, free it

	* print.c: Use _hx509_abort.

	* ks_p12.c: Use _hx509_abort.

	* hxtool.c: Use _hx509_abort.

	* crypto.c: Use _hx509_abort.

	* cms.c: Use _hx509_abort.

	* cert.c: Use _hx509_abort.

	* name.c: use _hx509_abort

2006-01-02 Love Hörnquist Åstrand <lha@it.su.se>

	* name.c (hx509_name_to_string): don't cut bmpString in half.

	* name.c (hx509_name_to_string): don't overwrite with 1 byte with
	bmpString.

	* ks_file.c (parse_certificate): avoid stomping before array

	* name.c (oidtostring): avoid leaking memory

	* keyset.c: Add _hx509_ks_dir_register.

	* Makefile.am (libhx509_la_SOURCES): += ks_dir.c

	* hxtool-commands.in: Remove pkcs11.

	* hxtool.c: Remove pcert_pkcs11.

	* ks_file.c: Factor out certificate parsing code.

	* ks_dir.c: Add new keystore that treats all files in a directory
	as a keystore, useful for regression tests.

2005-12-12 Love Hörnquist Åstrand <lha@it.su.se>

	* test_nist_pkcs12.in: Test parse PKCS12 files from NIST.

	* data/nist-data: Can handle DSA certificate.

	* hxtool.c: Print error code on failure.

2005-10-29 Love Hörnquist Åstrand <lha@it.su.se>

	* crypto.c: Support DSA signature operations.

2005-10-04 Love Hörnquist Åstrand <lha@it.su.se>

	* print.c: Validate that issuerAltName and subjectAltName aren't
	empty.

2005-09-14 Love Hörnquist Åstrand <lha@it.su.se>

	* p11.c: Cast to unsigned char to avoid warning.

	* keyset.c: Register pkcs11 module.

	* Makefile.am: Add ks_p11.c, install hxtool.

	* ks_p11.c: Starting point of a pkcs11 module.

2005-09-04 Love Hörnquist Åstrand <lha@it.su.se>

	* lock.c: Implement prompter.

	* hxtool-commands.in: add --content to print

	* hxtool.c: Split verify and print.

	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.

	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
	for empty password.

	* name.c: Add DC, handle all Directory strings, fix signless
	problems.

2005-09-03 Love Hörnquist Åstrand <lha@it.su.se>

	* test_query.in: Pass in --pass to all commands.

	* hxtool.c: Use option --pass.

	* hxtool-commands.in: Add --pass to all commands.

	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER

	* test_cms.in: pass in password to cms-create-sd

	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
	later. Avoid signedness warnings with OpenSSL.

	* cms.c: Use void * instead of char * to avoid signedness
	issues

	* cert.c (hx509_cert_get_attribute): remove const, its not

	* ks_p12.c: Cast size_t to unsigned long when print.

	* name.c: Fix signedness warning.

	* test_query.in: Use echo, the function check isn't defined here.

2005-08-11 Love Hörnquist Åstrand <lha@it.su.se>

	* hxtool-commands.in: Add more options that were missing.

2005-07-28 Love Hörnquist Åstrand <lha@it.su.se>

	* test_cms.in: Use --certificate= for enveloped/unenvelope.

	* hxtool.c: Use --certificate= for enveloped/unenvelope. Clean
	up.

	* test_cms.in: add EnvelopeData tests

	* hxtool.c: use id-envelopedData for ContentInfo

	* hxtool-commands.in: add contentinfo wrapping for create/unwrap
	enveloped data

	* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
	data

	* data/gen-req.sh: add enveloped data (aes128)

	* crypto.c: add "new" RC2 oid

2005-07-27 Love Hörnquist Åstrand <lha@it.su.se>

	* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
	caller to match by function, note that this doesn't work
	directly for backends that implement ->query, they must do their
	own processing. (I'm running out of flags, only 12 left now)

	* test_cms.in: verify ContentInfo wrapping code in hxtool

	* hxtool-commands.in (cms_create_sd): support wrapping in content
	info spelling

	* hxtool.c (cms_create_sd): support wrapping in content info

	* test_cms.in: test more cms signeddata messages

	* data/gen-req.sh: generate SignedData

	* hxtool.c (cms_create_sd): support certificate store, add support
	to unwrap a ContentInfo the SignedData inside.

	* crypto.c: sprinkle rk_UNCONST

	* crypto.c: add DER NULL to the digest oid's

	* hxtool-commands.in: add --content-info to cms-verify-sd

	* cms.c (hx509_cms_create_signed_1): pass in a full
	AlgorithmIdentifier instead of heim_oid for digest_alg

	* crypto.c: make digest_alg a digest_oid, it's not needed right
	now

	* hx509_err.et: add CERT_NOT_FOUND

	* keyset.c (_hx509_certs_find): add error code for cert not
	found

	* cms.c (hx509_cms_verify_signed): add external store of
	certificates, use the right digest algorithm identifier.

	* cert.c: fix const warning

	* ks_p12.c: slightly less verbose

	* cert.c: add hx509_cert_find_subjectAltName_otherName, add
	HX509_QUERY_MATCH_FRIENDLY_NAME

	* hx509.h: add hx509_octet_string_list, remove bad comment

	* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME

	* keyset.c (hx509_certs_append): needs a hx509_lock, add one

	* Makefile.am: add test cases tempfiles to CLEANFILES

	* Makefile.am: add test_query to TESTS, fix dependency on hxtool
	sources on hxtool-commands.h

	* hxtool-commands.in: explain what signer is for create-sd

	* hxtool.c: add query, add more options to verify-sd and create-sd

	* test_cms.in: add more cms tests

	* hxtool-commands.in: add query, add more options to verify-sd

	* test_query.in: test query interface

	* data: fix filenames for ds/ke files, add pkcs12 files, regen

	* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc

2005-07-26 Love Hörnquist Åstrand <lha@it.su.se>

	* cert.c (hx509_verify_destroy_ctx): add

	* hxtool.c: free hx509_verify_ctx

	* name.c (_hx509_name_ds_cmp): make sure all strings are not equal

2005-07-25 Love Hörnquist Åstrand <lha@it.su.se>

	* hxtool.c: return error

	* keyset.c: return errors from iterations

	* test_chain.in: clean up checks

	* ks_file.c (parse_certificate): return errno's not 1 in case of
	error

	* ks_file.c (file_iter): make sure endpointer is NULL

	* ks_mem.c (mem_iter): follow conversion and return NULL when we
	get to the end, not ENOENT.

	* Makefile.am: test_chain depends on hxtool

	* data: test certs that last 10 years

	* data/gen-req.sh: script to generate test certs

	* Makefile.am: Add regression tests.

	* data: test certificate and keys

	* test_chain.in: test chain

	* hxtool.c (cms_create_sd): add KU digitalSignature as a
	requirement to the query

	* hx_locl.h: add KeyUsage query bits

	* hx509_err.et: add KeyUsage error

	* cms.c: add checks for KeyUsage

	* cert.c: more checks on KeyUsage, allow to query on them too

2005-07-24 Love Hörnquist Åstrand <lha@it.su.se>

	* cms.c: Add missing break.

	* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId

	* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
	_hx509_write_file.

	* file.c (_hx509_write_file): in case of write error, return errno

	* file.c (_hx509_write_file): add a function that writes a data
	blob to disk too

	* Fix id-tags

	* Import mostly complete X.509 and CMS library. Handles PEM, DER,
	PKCS12 encoded certificates. Verifies RSA chains and handles
	CMS's SignedData, and EnvelopedData.