c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
9a6b1cb412
Fixed GNU license header in hmac and xcbc plugins.
2012-04-03 10:33:59 +02:00
ef511fc03d
Add support for dnQualifier in DNs.
2012-03-29 10:01:55 +02:00
817ab8a8d4
Don't cast second argument of mem_printf_hook (%b) to size_t.
...
Also treat the given number as unsigned int.
Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).
In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be casted
to (u_)int.
2012-03-27 09:10:34 +02:00
686cfd4e34
Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
...
This requires a Linux kernel >= 2.6.33.
2012-02-27 14:31:19 +01:00
a190ec0ac5
Compiler warnings fixed.
2012-02-14 16:09:44 +01:00
e81260d426
Moved log message for unexpected ASN.1 objects to level 2.
...
This avoids error messages if later builders can successfully decode something.
2012-02-01 18:27:46 +01:00
fd1ff46f61
Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files.
2012-02-01 18:27:46 +01:00
cab127cba6
Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes).
2012-02-01 18:27:46 +01:00
db3334dc32
Added support to parse PKCS#8 encoded ECDSA private keys.
2012-02-01 18:27:45 +01:00
27f8a61df3
OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
...
This is needed in case the key itself does not contain the parameters,
which is the case for PKCS#8.
2012-02-01 18:27:45 +01:00
b20c54ff3f
Add builder part for parameters from algorithmIdentifier.
2012-02-01 18:27:45 +01:00
25c6d26c1d
Return parsed parameters from algorithmIdentifier if they are an OID (aka EC named curve).
...
Explicit EC parameters are not supported with this function, but before this
change no parameters were actually ever returned.
2012-02-01 18:27:45 +01:00
9255aa87ec
Parse RSA private keys from PKCS#8 encoded blobs.
2012-02-01 18:27:45 +01:00
5ec525c1d1
Added PKCS#8 stub plugin.
2012-02-01 18:27:45 +01:00
7171d8765e
Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available.
2012-01-30 11:04:55 +01:00
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
ad1aaf4be3
Function added to plugin_loader to get a list of the names of loaded plugins.
2012-01-19 11:51:51 +01:00
5ed3e3a7e6
Various style, typo and whitespace corrections
2012-01-13 16:27:35 +01:00
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
...
Because all packages are now marked as optional executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
35a1986142
Fixed additional typos in comments and log messages.
2012-01-12 11:42:42 +01:00
d887b8e134
Fix whitespaces
2012-01-12 11:25:18 +01:00
2a375e62f3
Some documentation corrections
2012-01-12 11:25:12 +01:00
17e3a92661
Fix gettid() on Android, which is defined in unistd.h there.
2012-01-12 11:08:22 +01:00
66f16d9629
Use native gettid() if available (which is the case on Android).
2012-01-10 18:31:33 +01:00
e86b685da5
Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.
2011-12-23 18:07:39 +01:00
f4095fdc8a
Avoid integer overflow when parsing ASN.1 dates.
...
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:38:28 +01:00
1267127c11
Properly ASN.1 encode dates in certificates depending on the year.
2011-12-23 16:29:41 +01:00
5317dd6887
Added atomic compare and swap operations.
...
Using a GCC atomic builtin if available or a global mutex otherwise.
2011-12-23 11:04:55 +01:00
cc4b48e886
Also log PGP parsing in ASN log group.
2011-12-16 16:44:38 +01:00
b6e0784385
Log messages for PKCS1 and PEM parsing in ASN log group.
2011-12-16 16:44:38 +01:00
eb497205e3
Log most X.509 related messages in new ASN log group.
2011-12-16 16:44:38 +01:00
c7f3a056dd
Log ASN.1 parsing in new ASN debug group.
2011-12-16 16:44:38 +01:00
54d096a712
Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509).
...
This will allow us to remove quite some clutter from the LIB debug group
for higher debug levels.
2011-12-16 16:44:38 +01:00
c17f6f96e2
Log native thread ID when a thread is created.
...
If possible gettid() is used, otherwise pthread_self() is logged (which is
not completely portable, but seems to work on most supported platforms).
2011-12-16 16:44:38 +01:00
b24287c269
Log worker thread ID with two digits.
2011-12-16 16:44:38 +01:00
a5951a2861
Make sure the certificate cache is flushed when plugins are unloaded.
...
This avoids segmentation faults when plugins implementing cert_t are
already unloaded when the cache is flushed during destruction.
2011-12-15 12:20:09 +01:00
8b8fcfd631
Be less verbose if plugin dependecy not satisfied
2011-12-07 13:42:10 +01:00
005b02cbe3
Create a dummy pthread key for value "0", as some buggy PKCS#11 libraries mangle it
2011-12-07 13:42:07 +01:00
a91462df09
fixed copy-and-paste error
2011-12-04 12:53:47 +01:00
95e37555c3
Reverse the changes made to openssl plugin for signature verification
2011-11-28 21:18:05 +01:00
824ace105a
Changed the static function name in openssl_rsa_public_key object
...
Removed unused chunk variable from PTS verify_quote_signature function
2011-11-28 21:17:16 +01:00
5fbbfe0a48
use openssl rsa_verify function
2011-11-28 20:31:13 +01:00
19fa287f6e
Reverse the changes made to openssl plugin for signature verification
2011-11-28 14:39:53 +01:00
71741df078
Changed the static function name in openssl_rsa_public_key object
...
Removed unused chunk variable from PTS verify_quote_signature function
2011-11-28 14:39:53 +01:00
3cd6077b75
use openssl rsa_verify function
2011-11-28 14:39:53 +01:00
fbeb94544c
extended bio_reader and bio_writer to handle u_int64_t
2011-11-28 14:39:52 +01:00
4002b41b92
Added ctime function to white list
2011-11-28 14:34:21 +01:00
5ddeaf2884
Fixed compiler warnings for DH groups that define no subgroup.
2011-11-25 10:18:03 +01:00
a660f1426e
Fixed missing initializer compiler warning.
2011-11-25 09:52:19 +01:00
Tobias Brunner