Commit Graph

788 Commits

Author SHA1 Message Date
Tobias Brunner c0d39c205c Implemented AES-CMAC based PRF and signer.
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
Tobias Brunner 9a6b1cb412 Fixed GNU license header in hmac and xcbc plugins. 2012-04-03 10:33:59 +02:00
Tobias Brunner 817ab8a8d4 Don't cast second argument of mem_printf_hook (%b) to size_t.
Also treat the given number as unsigned int.

Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).

In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be cast
to (u_)int.
2012-03-27 09:10:34 +02:00
Tobias Brunner a190ec0ac5 Compiler warnings fixed. 2012-02-14 16:09:44 +01:00
Tobias Brunner fd1ff46f61 Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files. 2012-02-01 18:27:46 +01:00
Tobias Brunner cab127cba6 Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes). 2012-02-01 18:27:46 +01:00
Tobias Brunner db3334dc32 Added support to parse PKCS#8 encoded ECDSA private keys. 2012-02-01 18:27:45 +01:00
Tobias Brunner 27f8a61df3 OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
This is needed in case the key itself does not contain the parameters,
which is the case for PKCS#8.
2012-02-01 18:27:45 +01:00
Tobias Brunner 9255aa87ec Parse RSA private keys from PKCS#8 encoded blobs. 2012-02-01 18:27:45 +01:00
Tobias Brunner 5ec525c1d1 Added PKCS#8 stub plugin. 2012-02-01 18:27:45 +01:00
Tobias Brunner f1ba06c1c6 Cache list of plugin names to further simplify its usage.
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner ad1aaf4be3 Function added to plugin_loader to get a list of the names of loaded plugins. 2012-01-19 11:51:51 +01:00
Adrian-Ken Rueegsegger d887b8e134 Fix whitespaces 2012-01-12 11:25:18 +01:00
Tobias Brunner e86b685da5 Allow callers to force ASN.1 date encoding as GENERALIZEDTIME. 2011-12-23 18:07:39 +01:00
Tobias Brunner 1267127c11 Properly ASN.1 encode dates in certificates depending on the year. 2011-12-23 16:29:41 +01:00
Tobias Brunner cc4b48e886 Also log PGP parsing in ASN log group. 2011-12-16 16:44:38 +01:00
Tobias Brunner b6e0784385 Log messages for PKCS1 and PEM parsing in ASN log group. 2011-12-16 16:44:38 +01:00
Tobias Brunner eb497205e3 Log most X.509 related messages in new ASN log group. 2011-12-16 16:44:38 +01:00
Martin Willi 8b8fcfd631 Be less verbose if plugin dependency not satisfied 2011-12-07 13:42:10 +01:00
Sansar Choinyambuu 95e37555c3 Reverse the changes made to openssl plugin for signature verification 2011-11-28 21:18:05 +01:00
Sansar Choinyambuu 824ace105a Changed the static function name in openssl_rsa_public_key object
Removed unused chunk variable from PTS verify_quote_signature function
2011-11-28 21:17:16 +01:00
Sansar Choinyambuu 5fbbfe0a48 use openssl rsa_verify function 2011-11-28 20:31:13 +01:00
Sansar Choinyambuu 19fa287f6e Reverse the changes made to openssl plugin for signature verification 2011-11-28 14:39:53 +01:00
Sansar Choinyambuu 71741df078 Changed the static function name in openssl_rsa_public_key object
Removed unused chunk variable from PTS verify_quote_signature function
2011-11-28 14:39:53 +01:00
Sansar Choinyambuu 3cd6077b75 use openssl rsa_verify function 2011-11-28 14:39:53 +01:00
Tobias Brunner 4de8f280e1 pkcs11: Fixed a bug when creating public keys. 2011-11-09 17:39:24 +01:00
Andreas Steffen 99246a4fc2 gcrypt does not support MD2 2011-11-09 06:48:55 +01:00
Andreas Steffen bc0a4f7663 assign get_features method 2011-11-07 19:15:41 +01:00
Thomas Egerer 93818392cd Change order of ocsp uris when parsing a cert 2011-11-04 11:11:17 +01:00
Thomas Egerer 6e5e2762d3 Handle certificates being on hold in a CRL
Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case, you would try to retrieve an update CRL to see if
the certificate on hold is still on it or not.
2011-11-04 11:11:17 +01:00
Thomas Egerer 42e2da606c Use chunk_clear to memwipe shared secret 2011-11-04 11:11:17 +01:00
Thomas Egerer c230885a07 Fix resource leak in x509_ocsp_response 2011-11-04 11:11:17 +01:00
Tobias Brunner f3eef176f4 Common spelling errors fixed. 2011-11-03 19:30:17 +01:00
Tobias Brunner 1bdd255ed3 pkcs11: Make public key operations on tokens optional. 2011-11-03 17:56:40 +01:00
Tobias Brunner 5b85b94e27 pkcs11: Make sure a key can be used for a given signature scheme. 2011-11-02 20:27:55 +01:00
Tobias Brunner 58d0a8d49b pkcs11: Register ECDSA feature. 2011-11-02 20:27:55 +01:00
Tobias Brunner fd48b220ed pkcs11: We have to create our own hashes for some signature schemes. 2011-11-02 20:27:55 +01:00
Tobias Brunner 30a3ede8ce pkcs11: Lookup the public key of a private key by CKA_ID.
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner 5d2fccf439 pkcs11: Search for private keys in a more generic way.
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner 9e3b1e1495 pkcs11: Added support to encode ECDSA public keys. 2011-11-02 20:27:55 +01:00
Tobias Brunner 36d1627f6e pkcs11: Parse ECDSA public keys and find/create them on tokens. 2011-11-02 20:27:55 +01:00
Tobias Brunner 574261163f pkcs11: Added generic functions to find/create public keys on tokens. 2011-11-02 20:27:55 +01:00
Tobias Brunner a8084ee011 pkcs11: Store public key length in bits. 2011-11-02 20:27:55 +01:00
Tobias Brunner 8859c1f26b pkcs11: Fix encoding of RSA public keys. 2011-11-02 20:27:55 +01:00
Tobias Brunner dae19d448d pkcs11: Use create_object_attr_enumerator to encode RSA public key. 2011-11-02 20:27:54 +01:00
Tobias Brunner b0319fe860 pkcs11: Instead of a mutex use a new session to do multipart operations. 2011-11-02 20:27:54 +01:00
Tobias Brunner c198525104 pkcs11: Function added to retrieve multiple attributes from a single object. 2011-11-02 20:27:54 +01:00
Tobias Brunner 817d165cbc pkcs11: Memory leak fixed in DH/ECDH implementation. 2011-11-02 20:27:54 +01:00
Tobias Brunner 43cd036a77 pkcs11: Invalid free fixed in DH/ECDH implementation. 2011-11-02 20:27:54 +01:00
Tobias Brunner 50ad6eacb6 pkcs11: Changed how pkcs11-manager is initialized.
The manager is now created directly, but events and certificate loading
are deferred.
2011-11-02 20:27:54 +01:00