Коренберг Марк
d8e4a2a777
identification: Change abbreviation for surname/serialNumber RDNs
...
To align with RFC 4519, section 2.31/32, the abbreviation for surname
is changed to "SN" that was previously used for serialNumber, which does
not have an abbreviation.
This mapping had its origins in the X.509 patch for FreeS/WAN that was
started in 2000. It was aligned with how OpenSSL did this in earlier
versions. However, there it was changed already in March 2002 (commit
ffbe98b7630d604263cfb1118c67ca2617a8e222) to make it compatible with
RFC 2256 (predecessor of RFC 4519).
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
Closes strongswan/strongswan#179 .
2021-01-18 17:41:37 +01:00
Tobias Brunner
a4279fcc38
asn1: Fix a compiler warning with GCC 9.1
...
Compiling with GCC 9.1, as e.g. happens on AppVeyor, results in the
following warning:
asn1/asn1.c: In function 'asn1_integer':
asn1/asn1.c:871:24: error: '<Ucb40>' may be used uninitialized in this function [-Werror=maybe-uninitialized]
871 | len = content.len + ((*content.ptr & 0x80) ? 1 : 0);
| ^~~~~~~~~~~~
Some experiments showed that the problem was the chunk_from_chars()
assignment. This might be because the temporary chunk_t that was assigned
to the variable was defined in a sub-block, so it might actually be
undefined later when *content.ptr is read.
2019-08-23 09:06:34 +02:00
Tobias Brunner
020045f416
asn1: Remove useless assignment
2018-09-17 18:51:41 +02:00
Tobias Brunner
89bd016ef4
Fixed some typos, courtesy of codespell
2018-05-23 16:33:02 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
ba16a95454
asn1: Add OIDs for HMAC-based PRFs as defined in RFC 8018
2018-03-07 15:23:03 +01:00
Andreas Steffen
ee402a22a3
asn1: Added tlsfeature OID
2017-12-10 19:56:14 +01:00
Tobias Brunner
f89348d035
asn1: Add helper function to create algorithmIdentifier with parameters
2017-11-08 16:48:10 +01:00
Tobias Brunner
ffd0eeecf0
asn1: Add function to generate an ASN.1 integer from an uint64_t
2017-11-08 16:48:10 +01:00
Tobias Brunner
bfe1cb3a94
asn1: Add OID for MGF1
2017-11-08 16:48:10 +01:00
Tobias Brunner
69502f5afd
asn1: Add OID for RSASSA-PSS
2017-11-08 16:48:10 +01:00
Tobias Brunner
c782d367c6
asn1: Add additional OIDs seen in certificate DNs
2017-11-02 10:02:26 +01:00
Andreas Steffen
407fcca200
asn1-parser: Fix CHOICE parsing
...
Fixes: CVE-2017-9023
2017-05-29 11:05:04 +02:00
Tobias Brunner
411bda6836
asn1: Make sure the first argument to sscanf() is null-terminated
2017-05-23 18:29:12 +02:00
Andreas Steffen
35bc60cc68
Added support of EdDSA signatures
2016-12-14 11:15:47 +01:00
Andreas Steffen
eda8907b90
Added SHA-3 signature OIDs
2016-07-26 13:34:45 +02:00
Yannick Cann
49fa6ebf1c
identification: Add support for dmdName RDN (2.5.4.54)
...
It's listed in RFC 2256 but was later removed with RFC 4519, but there
are still some certs that use it.
Closes strongswan/strongswan#43 .
2016-04-25 17:06:04 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Andreas Steffen
7c81942357
Support pseudonym RDN
2016-01-27 11:38:18 +01:00
Andreas Steffen
4c38c79452
vici: list-cert sends subject, not-before and not-after attributes for pubkeys
2016-01-09 07:23:30 +01:00
Andreas Steffen
a88d958933
Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes
2015-11-06 14:55:31 +01:00
Andreas Steffen
de61e2cef4
Defined SHA-3 hashers
2015-11-03 19:07:15 +01:00
Tobias Brunner
7a1fed284c
Fixed some typos, courtesy of codespell
2015-08-27 12:06:31 +02:00
Martin Willi
12def59617
asn1: Undefine TIME_UTC, which is used by C11
...
When building with C11 support, TIME_UTC is used for timespec_get() and
defined in <time.h>. Undefine TIME_UTC for our own internal use in asn1.c.
2015-04-08 08:47:31 +02:00
Andreas Steffen
d35143bb8d
Fixed two BLISS key type identifier strings
2015-03-16 17:08:14 +01:00
Andreas Steffen
27bd0fed93
Allow SHA256 and SHA384 data hash for BLISS signatures.
...
The default is SHA512 since this hash function is also
used for the c_indices random oracle.
2015-02-26 08:56:12 +01:00
Andreas Steffen
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
Tobias Brunner
5743f6df2f
asn1: Add OID for Blowfish CBC
...
The OID (1.3.6.1.4.1.3029.1.2) is technically not correct, the correct
one is (1.3.6.1.4.1.3029.1.1.2). Every other library or tool (like OpenSSL)
uses the incorrect one so we do the same.
References #740 .
2014-12-05 14:35:41 +01:00
Andreas Steffen
f673966b9f
Started implementing BLISS signature generation
2014-11-29 14:51:16 +01:00
Andreas Steffen
56009f2001
Store and parse BLISS private and public keys in DER and PEM format
...
Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey
and subjectPublicKeyInfo objects.
Some basic functions used by the bliss_public_key class are shared
with the bliss_private_key class.
2014-11-29 14:51:16 +01:00
Andreas Steffen
6d31c7ef74
Added BLISS OIDs in ITA-HSR OID tree
2014-11-29 14:51:14 +01:00
Tobias Brunner
92b76384a0
asn1: Try to fill the available binary OID buffer if possible
2014-09-09 12:31:00 +02:00
Tobias Brunner
4df9250f26
asn1: Make sure not to exceed buffer for binary OID
2014-09-09 10:56:15 +02:00
Martin Willi
a4719c5767
asn1: Return a zeroed ASN1 time if gmtime_r() conversion fails
2014-06-04 15:52:58 +02:00
Martin Willi
922ee2c529
windows: Add a common Windows header for platform specific wrappers
...
Include some more basic system headers in utils.h, so we can use that common
header on the different platforms.
2014-06-03 12:24:34 +02:00
Andreas Steffen
98ae0492b6
Added support for msSmartcardLogon EKU
2014-04-08 13:09:03 +02:00
Andreas Steffen
e2df745122
Added some more OIDs
2014-04-08 11:32:30 +02:00
Andreas Steffen
60451e2fb6
Added SHA3 OIDs
2014-04-04 23:44:55 +02:00
Andreas Steffen
1f9e4d029e
Fixed a minor vulnerability in which a malformed ASN.1 length field could cause a crash of the charon daemon if the verbose debug level 3 (raw hex dump) for the asn subsystem is enabled.
2014-02-14 15:06:57 +01:00
Tobias Brunner
ebc665be4d
asn1: Support dates before 1970-01-01 (i.e. when time_t gets negative)
...
On x86 we allow "overflows" around 1969/1970 but not for other dates.
Fixes #509 .
2014-02-12 13:54:05 +01:00
Tobias Brunner
addc34d5f0
asn1: Add additional validation for parsed ASN.1 date/time values
2014-02-12 13:53:57 +01:00
Andreas Steffen
146ad86be5
Prototype implementation of IKE key exchange via NTRU encryption
2013-11-27 20:21:40 +01:00
Andreas Steffen
7817d88e1a
unit-tests: 100% function coverage for asn1.c
2013-11-03 17:40:51 +01:00
Andreas Steffen
c3103700fc
Some minor refactoring in asn1.c
2013-11-02 21:17:46 +01:00
Andreas Steffen
1347c936bd
Do not free zero-length integer
2013-11-02 02:11:32 +01:00
Tobias Brunner
b3393c88c1
asn1: Fix handling of invalid ASN.1 length in is_asn1()
...
Fixes CVE-2013-5018.
2013-07-31 22:16:58 +02:00
Andreas Steffen
126778679f
Recognize critical IssuingDistributionPoint CRL extension
2013-07-12 09:00:47 +02:00
Tobias Brunner
feef637368
Add pkcs12 plugin which adds support for decoding PKCS#12 containers
2013-05-08 15:02:39 +02:00
Tobias Brunner
594d847f79
PKCS#5 wrapper can decrypt PKCS#12-like schemes
2013-05-08 15:02:38 +02:00
Tobias Brunner
c734c2d875
Extract function to convert ASN.1 INTEGER object to u_int64_t
2013-05-08 14:53:08 +02:00