Andreas Steffen
|
dc4aadc3f2
|
use crl_reason_t definition from <credentials/certificates/crl.h>
|
2009-08-31 23:05:45 +02:00 |
Andreas Steffen
|
a63f62c03b
|
use crl_reason_t definition from <credentials/certificates/crl.h>
|
2009-08-31 22:58:34 +02:00 |
Martin Willi
|
6180a55852
|
use time_monotonic() instead of time() for statistics and time difference calculations
|
2009-08-31 18:00:28 +02:00 |
Martin Willi
|
de5784452b
|
use time_monotonic() instead of gettimeofday() for time difference calculations
|
2009-08-31 15:25:03 +02:00 |
Martin Willi
|
3d5818ec38
|
use monotonic time source in convar->timed_wait, and in the scheduler using it
|
2009-08-31 15:13:48 +02:00 |
Martin Willi
|
3f310c0d1f
|
implemented a monotonic timestamping function, unaffected from system time changes
|
2009-08-31 15:03:35 +02:00 |
Martin Willi
|
1d39663f7a
|
do not depend on gcrypt autoconf macros
|
2009-08-31 13:14:54 +02:00 |
Martin Willi
|
8706a151ff
|
added ECGDSA specific OIDs
|
2009-08-31 10:34:00 +02:00 |
Martin Willi
|
8365f7cd81
|
fixed crash in crl listing
|
2009-08-31 10:21:38 +02:00 |
Andreas Steffen
|
52673c4348
|
generation of keyid requires pkcs1 plugin
|
2009-08-30 22:55:40 +02:00 |
Andreas Steffen
|
c9f74892cc
|
clear RSA private key chunks after use
|
2009-08-30 19:12:29 +02:00 |
Andreas Steffen
|
1982096aa0
|
ASN.1 DER encoding of private key is not needed anymore
|
2009-08-30 19:05:43 +02:00 |
Andreas Steffen
|
26fa5a37d9
|
new UML scenario certs have SHA256 digest
|
2009-08-30 17:58:34 +02:00 |
Andreas Steffen
|
735628f3e3
|
removed position debug output
|
2009-08-30 17:37:27 +02:00 |
Martin Willi
|
bf3b8c90d0
|
added workaround to parse PEM encoded PGP key with KEY_RSA
|
2009-08-28 17:25:07 +02:00 |
Martin Willi
|
4593ef51fd
|
implemented PGP Secret-Key Packet parsing
|
2009-08-28 17:23:58 +02:00 |
Martin Willi
|
caf1af1d9f
|
fixed memleak
|
2009-08-28 16:16:39 +02:00 |
Andreas Steffen
|
2aa67d2636
|
.., but a comment might be helpful
|
2009-08-28 09:28:39 +02:00 |
Andreas Steffen
|
6be3f0f1d0
|
removed TODO reminder
|
2009-08-28 09:26:46 +02:00 |
Andreas Steffen
|
be04eef270
|
allow choice of digest algorithm in certificate generation
|
2009-08-28 09:08:03 +02:00 |
Andreas Steffen
|
e201f53e93
|
build_curve_signature() processes hash not data
|
2009-08-27 20:41:29 +02:00 |
Andreas Steffen
|
1dbaec2177
|
NID_hash and NID_ec_curve were interchanged
|
2009-08-27 20:28:41 +02:00 |
Andreas Steffen
|
ac6a0d5038
|
verify_signature() now processes hash not data
|
2009-08-27 20:18:22 +02:00 |
Andreas Steffen
|
c812802482
|
NID_hash and NID_ec_curver were interchanged
|
2009-08-27 20:11:49 +02:00 |
Martin Willi
|
10b2898d3c
|
verify that the ECDSA auth signature was done with the correct curve
|
2009-08-27 17:58:02 +02:00 |
Martin Willi
|
472cb4ce77
|
distinguish between RFC 4754 (concatenated) and RFC 3279 (DER encoded) ECDSA signatures
|
2009-08-27 17:37:42 +02:00 |
Andreas Steffen
|
78aa4ebd62
|
OID_EC_PUBLICKEY has a parameters field, defining the elliptic curve
|
2009-08-27 16:34:16 +02:00 |
Andreas Steffen
|
263872c47d
|
added OID_EC_PUBLIC_KEY algorithmIdentifier
|
2009-08-27 16:07:59 +02:00 |
Andreas Steffen
|
050649ac41
|
cosmetics
|
2009-08-27 15:35:56 +02:00 |
Martin Willi
|
cec37b643a
|
fixed return value
|
2009-08-27 15:28:45 +02:00 |
Martin Willi
|
7ef310f5b4
|
do not append a NULL paramter to ECDSA algorithmIdentifiers
|
2009-08-27 15:28:21 +02:00 |
Martin Willi
|
9436b31c94
|
PKI tool supports certificate verification
|
2009-08-27 14:43:40 +02:00 |
Martin Willi
|
ed75a4dd69
|
do not flush cached encodings, keys are responsible for it
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
85fd609ed6
|
whitelist openssl ecdsa_check function
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
5e97fa9900
|
PKI tool supports generation of self-signed certificates
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
8b10355c84
|
support generation of EC certificates
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
82749537e2
|
added support for SIGN_ECDSA_WITH_SHA1 signature scheme in openssl
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
eb73685dac
|
create algorithmIdentifier dynamically from OID database
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
c03b095ebe
|
use subjectPublicKeyInfo encoding type directly
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
09fe3c7e4c
|
pkcs1 encoder supports subjectPublicKeyInfo encoding
|
2009-08-27 13:59:30 +02:00 |
Andreas Steffen
|
fb70fc24d3
|
revoked soon-to-expire carol certificate
|
2009-08-27 13:36:02 +02:00 |
Andreas Steffen
|
87cb92d944
|
renewed expiring strongSwan certicates for UML scenarios
|
2009-08-27 13:21:04 +02:00 |
Martin Willi
|
d5dd43e777
|
implemented fingerprinting support for PKI tool
|
2009-08-27 10:41:07 +02:00 |
Martin Willi
|
1a8ef8aabc
|
fixed memleak in openssl fingerprinting
|
2009-08-27 10:40:49 +02:00 |
Martin Willi
|
b12c6d163d
|
do openssl fingerprinting/encoding directly, openssl provides all functions
|
2009-08-27 09:58:38 +02:00 |
Martin Willi
|
2ee8cd04bd
|
key encoding gained a cache() method, allows caching of externally created encodings
|
2009-08-27 09:57:49 +02:00 |
Andreas Steffen
|
277627043e
|
pgp plugin required in ikev1/net2net-pgp-v3|v4 scenarios
|
2009-08-26 23:42:05 +02:00 |
Andreas Steffen
|
9df7699419
|
dnskey plugin required in ikev1/net2net-rsa scenario
|
2009-08-26 23:11:06 +02:00 |
Andreas Steffen
|
706c6abe70
|
ikev1 psk scenarios don't need pkcs1 and pem plugins
|
2009-08-26 22:46:39 +02:00 |
Andreas Steffen
|
7c512d8b21
|
fixed typo
|
2009-08-26 22:25:24 +02:00 |