Martin Willi
03ba8f9e8c
Move PKCS#9 attribute lists to pkcs7 plugin, as we currently use it there only
2012-12-19 10:32:08 +01:00
Martin Willi
804ba5bb50
Implement get_attribute() in openssl PKCS#7 backend
2012-12-19 10:32:08 +01:00
Martin Willi
063ae4e52a
Allocate data returned by pkcs7_t.get_attribute()
2012-12-19 10:32:08 +01:00
Martin Willi
c61723c69f
Implement OpenSSL PKCS#7 signed-data parsing and verification
2012-12-19 10:32:08 +01:00
Martin Willi
568ad938d1
Add a stub for OpenSSL PKCS#7 parsing
2012-12-19 10:32:08 +01:00
Martin Willi
1865fb929a
Remove unused monolithic PKCS#7 code
2012-12-19 10:32:08 +01:00
Martin Willi
74cc41c704
Migrated scepclient to new modular PKCS# API
2012-12-19 10:32:08 +01:00
Martin Willi
6d21c61a09
Fix encryption algorithm/key size argument processing in PKCS#7 enveloped-data
2012-12-19 10:32:08 +01:00
Martin Willi
ee97055835
Properly clone PKCS#7 attributes passed to builder
2012-12-19 10:32:08 +01:00
Martin Willi
8ccf5a4731
Fix enum names for container_type_t
2012-12-19 10:32:08 +01:00
Martin Willi
24b2dae2b6
Add a --show option to pki --pkcs7 to print contained certificates
2012-12-19 10:32:08 +01:00
Martin Willi
9e967d7dda
Add an enumerator for PKCS#7 contained certificates
2012-12-19 10:32:08 +01:00
Martin Willi
9afbe59953
pki --pkcs7 --verify shows prints the signing time, if available
2012-12-19 10:32:08 +01:00
Martin Willi
d3d706f4fc
Add a getter for signed PKCS#7 attributes
2012-12-19 10:32:08 +01:00
Martin Willi
5a50bec9d2
Fix leak in pki --pkcs7 --decrypt
2012-12-19 10:32:08 +01:00
Martin Willi
b95b4730f5
Support multiple signerInfos while parsing PKCS#7 signed-data
2012-12-19 10:32:07 +01:00
Martin Willi
47120d4977
Add a pki command to sign, verify, encrypt and decrypt PKCS#7 containers
2012-12-19 10:32:07 +01:00
Martin Willi
5d932e4f01
Support encoding of PKCS#7 enveloped-data containers
2012-12-19 10:32:07 +01:00
Martin Willi
32745a28cf
Support encoding of PKCS#7 signed-data containers
2012-12-19 10:32:07 +01:00
Martin Willi
3c2986bf0a
Support encoding of PKCS#7 "data" containers
2012-12-19 10:32:07 +01:00
Martin Willi
637a8abb72
Add builder parts to generate PKCS#7 containers
2012-12-19 10:32:07 +01:00
Martin Willi
d7aa09104f
Implement PKCS#7 enveloped-data parsing and decryption
2012-12-19 10:32:07 +01:00
Martin Willi
98bbe0760f
Implement PKCS#7 signed-data parsing and verification
2012-12-19 10:32:07 +01:00
Martin Willi
83ed1464e3
Implement PKCS#7 "data" content type parsing
2012-12-19 10:32:07 +01:00
Martin Willi
ed1c430334
certificate_t.has_subject() matches for certificate serialNumber
2012-12-19 10:32:07 +01:00
Martin Willi
9de6a7a85c
Implement generic PKCS#7 contentInfo parsing
2012-12-19 10:32:07 +01:00
Martin Willi
bd20f040fd
Add a plugin stub for PKCS#7 containers
2012-12-19 10:32:07 +01:00
Martin Willi
692f560546
Add container plugin features
2012-12-19 10:32:07 +01:00
Martin Willi
fc67a932ba
Add a generic interface for crypto containers and a more specific PKCS#7 interface
2012-12-19 10:32:07 +01:00
Martin Willi
67ca44ccbd
Rebuild PKCS#9 encoding after adding new attributes
2012-12-19 10:32:07 +01:00
Martin Willi
60c9b5da8d
Don't store additional encoding for each PKCS#9 attribute
2012-12-19 10:32:07 +01:00
Martin Willi
7f9fedc9bd
Unify PKCS#9 set_attribute* methods to a single add_attribute
...
This way the PKCS#9 implementation does not have to know
the encoding types for values
2012-12-19 10:32:07 +01:00
Martin Willi
c1005c120c
PKCS#9 coding style cleanups
2012-12-19 10:32:07 +01:00
Martin Willi
f0c02e27c4
Remove external build_encoding method in PKCS#9
2012-12-19 10:32:07 +01:00
Tobias Brunner
0080daa787
Fix deadlock in IMC/IMV managers
...
Since reserve_id() might be called from e.g. notify_connection_change()
using a write lock will not work as this can't be acquired while holding
the read lock.
Also, with the previous code it was possible that two IMCs/IMVs added by
two threads at the same time would get the same ID assigned.
2012-12-18 15:59:29 +01:00
Tobias Brunner
6a8eeba540
Properly select IMC/IMV according to given primary ID in reserve_id()
2012-12-18 15:59:29 +01:00
Martin Willi
4185c64464
Use a ./configure check to detect pthread spinlock availability
...
_POSIX_SPIN_LOCKS does not seem to be defined correctly on all
systems (Debian libc 2.3.6). Fixes #262 .
2012-12-18 09:51:33 +01:00
Martin Willi
544c2e3d7b
kernel-netlinks get_interface() considers virtual IPs, too
...
When using load-tester, we can install tunnel outer addresses on
demand. As these are installed as "virtual", we have to consider
virtual IPs in the get_interface() lookup to install "real" virtual
IPs to these dynamic external addresses.
2012-12-17 14:23:44 +01:00
Martin Willi
d9d0f12222
If load-tester requests a virtual IP, use a dynamic local traffic selector
2012-12-17 14:22:25 +01:00
Martin Willi
fe3060f5d0
Add missing CHILD_SA specific proposal keyword in conftest README
2012-12-17 10:58:47 +01:00
Tobias Brunner
283898d6e0
Fix traffic selectors also as initiator in case of transport mode over NAT
2012-12-13 15:27:29 +01:00
Tobias Brunner
2990671748
Fix debug output if responder selected invalid traffic selectors during QM
2012-12-13 15:27:28 +01:00
Andreas Steffen
45b5203f5d
fixed memory leak in TPM Version Info
2012-12-13 11:10:38 +01:00
Tobias Brunner
5cb00b3afb
Fixed reading of configs in conftest utility
2012-12-13 11:08:32 +01:00
Martin Willi
df75cc5c5f
Migrate RADIUS accounting state while IKE_SA unique id changes during rekey
2012-12-11 10:40:59 +01:00
Martin Willi
251b740712
Migrate cache and fire lookip events for unique_id change during IKE_SA rekey
2012-12-10 17:04:26 +01:00
Martin Willi
43b4c2ea75
Inherit virtual IP and attributes from old to new, not from new to old
2012-12-10 17:01:00 +01:00
Tobias Brunner
caccc0e8cc
Avoid that ruby 1.9 redefines snprintf(3) etc.
...
Otherwise our custom printf specifiers won't work.
2012-12-10 11:41:37 +01:00
Tobias Brunner
12e70a7efc
Properly initialize linked list when enumerating interface addresses
2012-12-10 09:47:46 +01:00
Tobias Brunner
6a25122bfc
rb_cvar_set() takes three arguments in Ruby 1.9
2012-12-10 09:47:46 +01:00