d8e4a2a777
identification: Change abbreviation for surname/serialNumber RDNs
...
To align with RFC 4519, section 2.31/32, the abbreviation for surname
is changed to "SN" that was previously used for serialNumber, which does
not have an abbreviation.
This mapping had its origins in the X.509 patch for FreeS/WAN that was
started in 2000. It was aligned with how OpenSSL did this in earlier
versions. However, there it was changed already in March 2002 (commit
ffbe98b7630d604263cfb1118c67ca2617a8e222) to make it compatible with
RFC 2256 (predecessor of RFC 4519).
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
Closes strongswan/strongswan#179 .
2021-01-18 17:41:37 +01:00
a4279fcc38
asn1: Fix a compiler warning with GCC 9.1
...
Compiling with GCC 9.1, as e.g. happens on AppVeyor, results in the
following warning:
asn1/asn1.c: In function 'asn1_integer':
asn1/asn1.c:871:24: error: '<Ucb40>' may be used uninitialized in this function [-Werror=maybe-uninitialized]
871 | len = content.len + ((*content.ptr & 0x80) ? 1 : 0);
| ^~~~~~~~~~~~
Some experiments showed that the problem was the chunk_from_chars()
assignment. This might be because the temporary chunk_t that was assigned
to the variable was defined in a sub-block, so it might actually be
undefined later when *content.ptr is read.
2019-08-23 09:06:34 +02:00
020045f416
asn1: Remove useless assignment
2018-09-17 18:51:41 +02:00
89bd016ef4
Fixed some typos, courtesy of codespell
2018-05-23 16:33:02 +02:00
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
ba16a95454
asn1: Add OIDs for HMAC-based PRFs as defined in RFC 8018
2018-03-07 15:23:03 +01:00
ee402a22a3
asn1: Added tlsfeature OID
2017-12-10 19:56:14 +01:00
f89348d035
asn1: Add helper function to create algorithmIdentifier with parameters
2017-11-08 16:48:10 +01:00
ffd0eeecf0
asn1: Add function to generate an ASN.1 integer from an uint64_t
2017-11-08 16:48:10 +01:00
bfe1cb3a94
asn1: Add OID for MGF1
2017-11-08 16:48:10 +01:00
69502f5afd
asn1: Add OID for RSASSA-PSS
2017-11-08 16:48:10 +01:00
c782d367c6
asn1: Add additional OIDs seen in certificate DNs
2017-11-02 10:02:26 +01:00
407fcca200
asn1-parser: Fix CHOICE parsing
...
Fixes: CVE-2017-9023
2017-05-29 11:05:04 +02:00
411bda6836
asn1: Make sure the first argument to sscanf() is null-terminated
2017-05-23 18:29:12 +02:00
35bc60cc68
Added support of EdDSA signatures
2016-12-14 11:15:47 +01:00
eda8907b90
Added SHA-3 signature OIDs
2016-07-26 13:34:45 +02:00
49fa6ebf1c
identification: Add support for dmdName RDN (2.5.4.54)
...
It's listed in RFC 2256 but was later removed with RFC 4519, but there
are still some certs that use it.
Closes strongswan/strongswan#43 .
2016-04-25 17:06:04 +02:00
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
7c81942357
Support pseudonym RDN
2016-01-27 11:38:18 +01:00
4c38c79452
vici: list-cert sends subject, not-before and not-after attributes for pubkeys
2016-01-09 07:23:30 +01:00
a88d958933
Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes
2015-11-06 14:55:31 +01:00
de61e2cef4
Defined SHA-3 hashers
2015-11-03 19:07:15 +01:00
7a1fed284c
Fixed some typos, courtesy of codespell
2015-08-27 12:06:31 +02:00
12def59617
asn1: Undefine TIME_UTC, which is used by C11
...
When building with C11 support, TIME_UTC is used for timespec_get() and
defined in <time.h>. Undefine TIME_UTC for our own internal use in asn1.c.
2015-04-08 08:47:31 +02:00
d35143bb8d
Fixed two BLISS key type identifier strings
2015-03-16 17:08:14 +01:00
27bd0fed93
Allow SHA256 and SHA384 data hash for BLISS signatures.
...
The default is SHA512 since this hash function is also
used for the c_indices random oracle.
2015-02-26 08:56:12 +01:00
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
5743f6df2f
asn1: Add OID for Blowfish CBC
...
The OID (1.3.6.1.4.1.3029.1.2) is technically not correct, the correct
one is (1.3.6.1.4.1.3029.1.1.2). Every other library or tool (like OpenSSL)
uses the incorrect one so we do the same.
References #740 .
2014-12-05 14:35:41 +01:00
f673966b9f
Started implementing BLISS signature generation
2014-11-29 14:51:16 +01:00
56009f2001
Store and parse BLISS private and public keys in DER and PEM format
...
Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey
and subjectPublicKeyInfo objects.
Some basic functions used by the bliss_public_key class are shared
with the bliss_private_key class.
2014-11-29 14:51:16 +01:00
6d31c7ef74
Added BLISS OIDs in ITA-HSR OID tree
2014-11-29 14:51:14 +01:00
92b76384a0
asn1: Try to fill the available binary OID buffer if possible
2014-09-09 12:31:00 +02:00
4df9250f26
asn1: Make sure not to exceed buffer for binary OID
2014-09-09 10:56:15 +02:00
a4719c5767
asn1: Return a zeroed ASN1 time if gmtime_r() conversion fails
2014-06-04 15:52:58 +02:00
922ee2c529
windows: Add a common Windows header for platform specific wrappers
...
Include some more basic system headers in utils.h, so we can use that common
header on the different platforms.
2014-06-03 12:24:34 +02:00
98ae0492b6
Added support for msSmartcardLogon EKU
2014-04-08 13:09:03 +02:00
e2df745122
Added some more OIDs
2014-04-08 11:32:30 +02:00
60451e2fb6
Added SHA3 OIDs
2014-04-04 23:44:55 +02:00
1f9e4d029e
Fixed a minor vulnerability in which a malformed ASN.1 length field could cause a crash of the charon daemon if the verbose debug level 3 (raw hex dump) for the asn subsystem is enabled.
2014-02-14 15:06:57 +01:00
ebc665be4d
asn1: Support dates before 1970-01-01 (i.e. when time_t gets negative)
...
On x86 we allow "overflows" around 1969/1970 but not for other dates.
Fixes #509 .
2014-02-12 13:54:05 +01:00
addc34d5f0
asn1: Add additional validation for parsed ASN.1 date/time values
2014-02-12 13:53:57 +01:00
146ad86be5
Prototype implementation of IKE key exchange via NTRU encryption
2013-11-27 20:21:40 +01:00
7817d88e1a
unit-tests: 100% function coverage for asn1.c
2013-11-03 17:40:51 +01:00
c3103700fc
Some minor refactoring in asn1.c
2013-11-02 21:17:46 +01:00
1347c936bd
Do not free zero-length integer
2013-11-02 02:11:32 +01:00
b3393c88c1
asn1: Fix handling of invalid ASN.1 length in is_asn1()
...
Fixes CVE-2013-5018.
2013-07-31 22:16:58 +02:00
126778679f
Recognize critical IssuingDistributionPoint CRL extension
2013-07-12 09:00:47 +02:00
feef637368
Add pkcs12 plugin which adds support for decoding PKCS#12 containers
2013-05-08 15:02:39 +02:00
594d847f79
PKCS#5 wrapper can decrypt PKCS#12-like schemes
2013-05-08 15:02:38 +02:00
c734c2d875
Extract function to convert ASN.1 INTEGER object to u_int64_t
2013-05-08 14:53:08 +02:00
Коренберг Марк