2008-07-14  Love Hörnquist Åstrand  <lha@kth.se>

	* hxtool.c: Break out print_eval_types().

2008-06-21  Love Hörnquist Åstrand  <lha@kth.se>

	* ks_p12.c: pass in time_now to unenvelope

	* cms.c: Pass in time_now to unenvelope, use verify context time in
	verify_signed.

2008-05-23  Love Hörnquist Åstrand  <lha@kth.se>

	* hx_locl.h: Include <limits.h> for TYPE_MAX defines.

2008-04-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* sel-lex.l: Use _hx509_sel_yyerror() instead of error_message().

2008-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* sel-lex.l: Include <config.h>

2008-04-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Update make-proto usage.

2008-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: BasicConstraints.pathLenConstraint unsigned int.

	* sel-lex.l: Prefix sel_error with _hx509_ since it's global on
	platforms w/o symbol versioning.

	* sel.h: rename yyerror to sel_yyerror in the whole library, not
	just the lexer

	* sel-lex.l: rename yyerror to sel_yyerror in the whole library,
	not just the lexer

2008-04-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* sel-lex.l: Rename yyerror to sel_yyerror and make it static.

2008-04-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx509.h: Make self-standing by including missing files.

2008-04-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Use unsigned where appropriate.

	* softp11.c: call va_start before using vsnprintf.

	* crypto.c: make refcount slightly more sane.

	* keyset.c: make refcount slightly more sane.

	* cert.c: make refcount slightly more sane.

2008-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_nist2.in: Try to find unzip.

2008-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: add missing symbols

	* spnego: Make delegated credentials delegated directly, Oleg
	Sharoiko pointed out that it always didn't work with the old
	code. Also add some missing cred and context pass-through functions in
	the SPNEGO layer.

2008-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* rename to be more consistent, export for testing

	* Add language to support querying certificates to find a
	match. Support constructs like "1.3.6.1.5.2.3.5" IN
	%{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE".

2008-02-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: add hx509_pem_read

	* hxtool-commands.in: Add --pem to cms-verify-sd.

	* test_cms.in: Test verifying PEM signature files.

	* hxtool.c: Support verifying PEM signature files.

2008-02-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: libhx509_la_OBJECTS depends on hx_locl.h

2008-02-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* Use ldap-prep (with libwind) to compare names

2008-01-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c (hx509_query_match_eku): update to support the NULL
	eku (reset), clarify the old behavior with regards repetitive
	calls.

	* Add matching on EKU, validate EKUs, add hxtool matching glue,
	add check. Adapted from patch from Tim Miller of Mitre

2008-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_soft_pkcs11.c: use func for more C_ functions.

2008-01-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: Export hx509_free_error_string().

2008-01-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: only export C_GetFunctionList

	* test_soft_pkcs11.c: use C_GetFunctionList

	* softp11.c: fix comment, remove label.

	* softp11.c: Add option app-fatal to control if softtoken should
	abort() on erroneous input from applications.

2008-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_pkcs11.in: Test password less certificates too

	* keyset.c: document HX509_CERTS_UNPROTECT_ALL

	* ks_file.c: Support HX509_CERTS_UNPROTECT_ALL.

	* hx509.h: Add HX509_CERTS_UNPROTECT_ALL.

	* test_soft_pkcs11.c: Only log in if needed.

2008-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* softp11.c: Support PINs to login to the store.

	* Makefile.am: add java pkcs11 test

	* test_java_pkcs11.in: first version of disable java test

	* softp11.c: Drop unused stuff.

	* cert.c: Spelling, Add hx509_cert_get_SPKI_AlgorithmIdentifier,
	remove unused stuff, add hx509_context to some functions.

	* softp11.c: Add more glue to figure out what keytype this
	certificate is using.

2008-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_pkcs11.in: test debug

	* Add a PKCS11 provider supporting signing and verifying signatures.

2008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: Replace hx509_name_to_der_name with
	hx509_name_binary.

	* print.c: make print_func static

2007-12-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: doxygen

	* env.c: doxygen

	* doxygen.c: add more groups

	* ca.c: doxygen.

2007-12-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: doxygen

2007-12-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* error.c: doxygen

2007-12-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* More documentation

	* lock.c: Add page reference

	* keyset.c: some more documentation.

	* cms.c: Doxygen documentation.

2007-12-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* *.[ch]: More documentation

2007-12-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* handle refcount on NULL.

	* test_nist_pkcs12.in: drop echo -n, doesn't work with posix sh

2007-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_nist2.in: Print that this is version 2 of the tests

	* test_nist.in: Drop printing of $id.

	* hx509.h: Add HX509_VHN_F_ALLOW_NO_MATCH.

	* name.c: spelling.

	* cert.c: make work the doxygen.

	* name.c: fix doxygen compiling.

	* Makefile.am: add doxygen.c

	* doxygen.c: Add doxygen main page.

	* cert.c: Add doxygen.

	* revoke.c (_hx509_revoke_ref): new function.

2007-11-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_keychain.c: Check if SecKeyGetCSPHandle needs prototype.

2007-08-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/nist-data: Make work on case sensitive filesystems too.

2007-08-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: match rfc822 constraints better, provide better error
	strings.

2007-08-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: "self-signed doesn't count" doesn't apply to trust
	anchor certificate. make trust anchor check consistent.

	* revoke.c: make compile.

	* revoke.c (verify_crl): set error strings.

	* revoke.c (verify_crl): handle with the signer is the
	CRLsigner (shortcut).

	* cert.c: Fix NC, comment on how to use _hx509_check_key_usage.

2007-08-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_nist2.in, Makefile, test/nist*: Add nist pkits tests.

	* revoke.c: Update to use CERT_REVOKED error, shortcut out of OCSP
	checking when OCSP reply is a revocation reply.

	* hx509_err.et: Make CERT_REVOKED error OCSP/CRL agnostic.

	* name.c (_hx509_Name_to_string): make printableString handle
	space (0x20) differences as required by rfc3280.

	* revoke.c: Search for the right issuer when looking for the
	issuer of the CRL signer.

2007-08-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Handle CRL signing certificate better, try to not
	revalidate invalid CRLs over and over.

2007-08-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: remove stale comment.

	* test_nist.in: Unpack PKITS_data.zip and run tests.

	* test_nist_cert.in: Adapt to new nist pkits framework.

	* test_nist_pkcs12.in: Adapt to new nist pkits framework.

	* Makefile.am: clean PKITS_data

2007-07-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add version-script.map to EXTRA_DIST

2007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add dependency on asn1_compile for asn1 built files.

2007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* peer.c: update (c), indent.

	* Makefile.am: New library version.

2007-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Add sha2 types.

	* ref/pkcs11.h: Sync with scute.

	* ref/pkcs11.h: Add sha2 CKM's.

	* print.c: Print authorityInfoAccess.

	* cert.c: Rename proxyCertInfo oid.

	* ca.c: Rename proxyCertInfo oid.

	* print.c: Rename proxyCertInfo oid.

2007-06-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Adapt to new request handling.

	* req.c: Allow export some of the request parameters.

	* hxtool-commands.in: Adapt to new request handling.

	* hxtool.c: Adapt to new request handling.

	* test_req.in: Adapt to new request handling.

	* version-script.map: Add initialize_hx_error_table_r.

	* req.c: Move _hx509_request_print here.

	* hxtool.c: use _hx509_request_print

	* version-script.map: Export more crap^W semiprivate functions.

	* hxtool.c: don't _hx509_abort

	* version-script.map: add missing ;

2007-06-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Use hx509_crypto_random_iv.

	* crypto.c: Split out the iv creation from hx509_crypto_encrypt
	since _hx509_pbe_encrypt needs to use the iv from the s2k
	function.

	* test_cert.in: Test PEM and DER FILE writing functionality.

	* ks_file.c: Add writing DER certificates.

	* hxtool.c: Update to new hx509_pem_write().

	* test_cms.in: test creation of PEM signeddata.

	* hx509.h: PEM struct/function declarations.

	* ks_file.c: Use PEM encoding/decoding functions.

	* file.c: PEM encode/decoding functions.

	* ks_file.c: Use hx509_pem_write.

	* version-script.map: Export some semi-private functions.

	* hxtool.c: Enable writing out signed data as a pem attachment.

	* hxtool-commands.in (cms-create-signed): add --pem

	* file.c (hx509_pem_write): Add.

	* test_ca.in: Issue and test null subject cert.

	* cert.c: Match if first component is in a CN=.

	* test_ca.in: Test hostname if first CN.

	* Makefile.am: Add version script.

	* version-script.map: Limited exported symbols.

	* test_ca.in: test --hostname.

	* test_chain.in: test max-depth

	* hx509.h: fixate HX509_HN_HOSTNAME at 0.

	* hxtool-commands.in: add --hostname add --max-depth

	* cert.c: Verify hostname and max-depth.

	* hxtool.c: Verify hostname and test max-depth.

2007-06-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_cms.in: Test --id-by-name.

	* hxtool-commands.in: add cms-create-sd --id-by-name

	* hxtool.c: Use HX509_CMS_SIGATURE_ID_NAME.

	* cms.c: Implement and use HX509_CMS_SIGATURE_ID_NAME.

	* hx509.h: Add HX509_CMS_SIGATURE_ID_NAME, use subject name for
	CMS.Identifier. hx509_hostname_type: add hostname type for
	matching.

	* cert.c (match_general_name): more strict rfc822Name matching.
	(hx509_verify_hostname): add hostname type for matching.

2007-06-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Make compile again.

	* hxtool.c: Added peap-server to make windows peap clients
	happy.

	* hxtool.c: Unify parse_oid code.

	* hxtool.c: Implement --content-type.

	* hxtool-commands.in: Add content-type.

	* test_cert.in: more cert and keyset tests.

2007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Avoid stomping on NULL.

	* revoke.c: Avoid reusing i.

	* cert.c: Provide __attribute__ for _hx509_abort.

	* ks_file.c: Fail if not finding iv.

	* keyset.c: Avoid using freed memory.

	* crypto.c: Free memory in failure case.

	* crypto.c: Free memory in failure case.

2007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* *.c: Add hx509_cert_init_data and use everywhere

	* hx_locl.h: Now that KEYCHAIN:system-anchors is fast again, use
	that.

	* ks_keychain.c: Implement trust anchor support with
	SecTrustCopyAnchorCertificates.

	* keyset.c: Set ref to 1 for the new object.

	* cert.c: Fix logic for allow_default_trust_anchors

	* keyset.c: Add refcounting to keystores.

	* cert.c: Change logic for default trust anchors, make it be
	either default trust anchor, the user supplied, or none at all.

2007-06-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add data/j.pem.

	* Makefile.am: Add test_windows.in.

2007-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_keychain.c: rename functions, leaks less memory and more
	paranoia.

	* test_cms.in: Test cms peer-alg.

	* crypto.c (rsa_create_signature): make oid_id_pkcs1_rsaEncryption
	mean rsa-with-sha1 but oid oid_id_pkcs1_rsaEncryption in algorithm
	field. XXX should probably use another algorithmIdentifier for
	this.

	* peer.c: Make free function return void.

	* cms.c (hx509_cms_create_signed_1): Use hx509_peer_info to select
	the signature algorithm too.

	* hxtool-commands.in: Add cms-create-sd --peer-alg.

	* req.c: Use _hx509_crypto_default_sig_alg.

	* test_windows.in: Create crl, because everyone needs one.

	* Makefile.am: add wcrl.crl

2007-06-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: Disable KEYCHAIN for now, it's slow.

	* cms.c: When we are not using pkcs7-data, avoid seing
	signedAttributes since some clients get upset by that (pkcs7 based
	or just plain broken).

	* ks_keychain.c: Provide rsa signatures.

	* ks_keychain.c: Limit the searches to the selected keychain.

	* ks_keychain.c: include -framework Security specific header files
	after #ifdef

	* ks_keychain.c: Find and attach private key (does not provide
	operations yet though).

	* ks_p11.c: Prefix rsa method with p11_

	* ks_keychain.c: Allow opening a specific chain, making "system"
	special and be the system X509Anchors file. By not specifying any
	keychain ("KEYCHAIN:"), all keychains are probed.

2007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c (verify): Friendlier error message.

	* cert.c: Read in and use default trust anchors if they exist.

	* hx_locl.h: Add concept of default_trust_anchors.

	* ks_keychain.c: Remove err(), remove extra empty comment, fix
	_iter function.

	* error.c (hx509_get_error_string): if the error code is not the
	one we expect, punt and use the default com_err/strerror string
	instead.

	* keyset.c (hx509_certs_merge): it's ok to merge in the NULL set of
	certs.

	* test_windows.in: Fix status string.

	* ks_p12.c (store_func): free whole CertBag, not just the data
	part.

	* print.c: Check that the self-signed cert is really self-signed.

	* print.c: Use selfsigned for CRL DP whine, tell if it's a
	self-signed.

	* print.c: Whine if it's a non CA/proxy and doesn't have CRL DP.

	* ca.c: Add cRLSign to CA certs.

	* cert.c: Register NULL and KEYCHAIN.

	* ks_null.c: register the NULL keystore.

	* Makefile.am: Add ks_keychain.c and related libs.

	* test_crypto.in: Print certificate with utf8.

	* print.c: Leak less memory.

	* hxtool.c: Leak less memory.

	* print.c: Leak less memory, use functions that do same but
	more.

	* name.c (quote_string): don't sign extend the (signed) char to
	avoid printing too much, add an assert to check that we didn't
	overrun the buffer.

	* name.c: Use right element out of the CHOICE for printableString
	and utf8String

	* ks_keychain.c: Certificate only KeyChain backend.

	* name.c: Reset name before parsing it.

2007-06-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c (hx509_crl_*): fix sizeof() mistakes to fix memory
	corruption.

	* hxtool.c: Add lifetime to crls.

	* hxtool-commands.in: Add lifetime to crls.

	* revoke.c: Add lifetime to crls.

	* test_ca.in: More crl checks.

	* revoke.c: Add revoking certs.

	* hxtool-commands.in: argument is certificates.. for crl-sign

	* hxtool.c (certificate_copy): free lock

	* revoke.c: Fix hx509_set_error_string calls, add
	hx509_crl_add_revoked_certs(), implement hx509_crl_{alloc,free}.

	* hxtool.c (crl_sign): free lock

	* cert.c (hx509_context_free): free querystat

2007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_chain.in: test ocsp-verify

	* revoke.c (hx509_ocsp_verify): explain what it's useful for and
	provide sane error message.

	* hx509_err.et: New error code, CERT_NOT_IN_OCSP

	* hxtool.c: New command ocsp-verify, check if ocsp contains all
	certs and are valid (exist and non expired).

	* hxtool-commands.in: New command ocsp-verify.

2007-06-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Create crl and verify that it works.

	* hxtool.c: Sign CRL command.

	* hx509.h: Add hx509_crl.

	* hxtool-commands.in: Add crl-sign commands.

	* revoke.c: Support to generate an empty CRL.

	* tst-crypto-select2: Switched default types.

	* tst-crypto-select1: Switched default types.

	* ca.c: Use default AlgorithmIdentifier.

	* cms.c: Use default AlgorithmIdentifier.

	* crypto.c: Provide default AlgorithmIdentifier and use them.

	* hx_locl.h: Provide default AlgorithmIdentifier.

	* keyset.c (hx509_certs_find): collects stats for queries.

	* cert.c: Sort and print more info.

	* hx_locl.h: Add querystat to hx509_context.

	* test_*.in: sprinkle stat saving

	* Makefile.am: Add stat and objdir.

	* collector.c (_hx509_collector_alloc): return error code instead
	of pointer.

	* hxtool.c: Add statistic hook.

	* ks_file.c: Update _hx509_collector_alloc prototype.

	* ks_p12.c: Update _hx509_collector_alloc prototype.

	* ks_p11.c: Update _hx509_collector_alloc prototype.

	* hxtool-commands.in: Add statistics hook.

	* cert.c: Statistics printing.

	* ks_p12.c: plug memory leak

	* ca.c (hx509_ca_tbs_add_crl_dp_uri): plug memory leak

2007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: print utf8 type SAN's

	* Makefile.am: Fix windows client cert name.

	* test_windows.in: Add crl-uri for the ee certs.

	* print.c: Printf formatting.

	* ca.c: Add glue for adding CRL dps.

	* test_ca.in: Readd the crl adding code, it works (somewhat) now.

	* print.c: Fix printing of CRL DPnames (I hate IMPLICIT encoded
	structures).

	* hxtool-commands.in: make ca an alias of certificate-sign

2007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (hx509_crypto_select): copy AI to the right place.

	* hxtool-commands.in: Add ca --ms-upn.

	* hxtool.c: add --ms-upn and add more EKU's for pk-init client.

	* ca.c: Add hx509_ca_tbs_add_san_ms_upn and refactor code.

	* test_crypto.in: Resurrect killed e.

	* test_crypto.in: check for aes256-cbc

	* tst-crypto-select7: check for aes256-cbc

	* test_windows.in: test windows stuff

	* hxtool.c: add ca --domain-controller option, add secret key
	option to available.

	* ca.c: Add hx509_ca_tbs_set_domaincontroller.

	* hxtool-commands.in: add ca --domain-controller

	* hxtool.c: hook for testing secret key algs

	* crypto.c: Add selection code for secret key crypto.

	* hx509.h: Add HX509_SELECT_SECRET_ENC.

2007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: add more mechtypes

2007-05-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: Indent.

	* hxtool-commands.in: add test-crypto command

	* hxtool.c: test crypto command

	* cms.c (hx509_cms_create_signed_1): if no eContentType is given,
	use pkcs7-data.

	* print.c: add Netscape cert comment

	* crypto.c: Try both the empty password and the NULL
	password (nothing vs the octet string \x00\x00).

	* print.c: Add some US Fed PKI oids.

	* ks_p11.c: Add some more hashes.

2007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c (crypto_select): stop memory leak

2007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* peer.c (hx509_peer_info_free): free memory used too

	* hxtool.c (crypto_select): only free peer if it was used.

2007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: free template

	* ks_mem.c (mem_free): free key array too

	* hxtool.c: free private key and tbs

	* hxtool.c (hxtool_ca): free signer

	* hxtool.c (crypto_available): free peer too.

	* ca.c (get_AuthorityKeyIdentifier): leak less memory

	* hxtool.c (hxtool_ca): free SPKI

	* hxtool.c (hxtool_ca): free cert

	* ks_mem.c (mem_getkeys): allocate one more than we have elements
	so it's possible to store the NULL pointer at the end.

2007-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: CLEANFILES += cert-null.pem cert-sub-ca2.pem

2007-02-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: Disable CRLDistributionPoints for now, its IMPLICIT code
	in the asn1 parser.

	* print.c: Add some more \n's.

2007-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* file.c: Allow mapping using heim_octet_string.

	* hxtool.c: Add options to generate detached signatures.

	* cms.c: Add flags to generate detached signatures.

	* hx509.h: Flag to generate detached signatures.

	* test_cms.in: Support detached signatures.

	* name.c (hx509_general_name_unparse): unparse the other
	GeneralName nametypes.

	* print.c: Use less printf. Use hx509_general_name_unparse.

	* cert.c: Fix printing and plug leak-on-error.

2007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Add test for ca --crl-uri.

	* hxtool.c: Add ca --crl-uri.

	* hxtool-commands.in: add ca --crl-uri

	* ca.c: Code to set CRLDistributionPoints in certificates.

	* print.c: Check CRLDistributionPointNames.

	* name.c (hx509_general_name_unparse): function for unparsing
	GeneralName, only supports GeneralName.URI

	* cert.c (is_proxy_cert): free info if we won't return it.

2007-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Try to help how to use this command.

2007-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* switch to sha256 as default digest for signing

2007-01-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Really test sub-ca code, add basic constraints tests

2007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Fix makefile problem.

2007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Set num of bits before we generate the key.

2007-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c (hx509_cms_create_signed_1): use hx509_cert_binary

	* ks_p12.c (store_func): use hx509_cert_binary

	* ks_file.c (store_func): use hx509_cert_binary

	* cert.c (hx509_cert_binary): return binary encoded
	certificate (DER format)

2007-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c (hx509_ca_tbs_subject_expand): new function.

	* name.c (hx509_name_expand): if env is NULL, return directly

	* test_ca.in: test template handling

	* hx509.h: Add template flags.

	* Makefile.am: clean out new files

	* hxtool.c: Add certificate template processing, fix hx509_err
	usage.

	* hxtool-commands.in: Add certificate template processing.

	* ca.c: Add certificate template processing. Fix return messages
	from hx509_ca_tbs_add_eku.

	* cert.c: Export more stuff from certificate.

2007-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: update (c)

	* ca.c: (hx509_ca_tbs_add_eku): filter out dups.

	* hxtool.c: Add type email and add email eku when using option
	--email.

	* Makefile.am: add env.c

	* name.c: Remove abort, add error handling.

	* test_name.c: test name expansion

	* name.c: add hx509_name_expand

	* env.c: key-value pair help functions

2007-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: Don't issue certs with subject DN that is NULL and have no
	SANs

	* print.c: Fix previous test.

	* print.c: Check there is a SAN if subject DN is NULL.

	* test_ca.in: test email, null subject dn

	* hxtool.c: Allow setting parameters to private key generation.

	* hx_locl.h: Allow setting parameters to private key generation.

	* crypto.c: Allow setting parameters to private key generation.

	* hxtool.c (eval_types): add jid if user gave one

	* hxtool-commands.in (certificate-sign): add --jid

	* ca.c (hx509_ca_tbs_add_san_jid): Allow adding
	id-pkix-on-xmppAddr OtherName.

	* print.c: Print id-pkix-on-xmppAddr OtherName.

2007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* no random, no RSA/DH tests

	* hxtool.c (info): print status of random generator

	* Makefile.am: remove files created by tests

	* error.c: constify

	* name.c: constify

	* revoke.c: constify

	* hx_locl.h: constify

	* keyset.c: constify

	* ks_p11.c: constify

	* hx_locl.h: make printinfo char * argument const.

	* cms.c: move _hx509_set_digest_alg from cms.c to crypto.c since
	it's only used there.

	* crypto.c: remove no longer used stuff, move set_digest_alg here
	from cms.c since it's only used here.

	* Makefile.am: add data/test-nopw.p12 to EXTRA_DIST

2007-01-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: BasicConstraints vs criticality bit is complicated and
	not really possible to evaluate on its own, silly RFC3280.

	* ca.c: Make basicConstraints critical if this is a CA.

	* print.c: fix the version vs extension test

	* print.c: More validation checks.

	* name.c (hx509_name_cmp): add

2007-01-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (collect_private_key): Missing CKA_MODULUS is ok
	too (XXX why should these be fetched given they are not used).

	* test_ca.in: rename all files to PEM files, since that is what
	they are.

	* hxtool.c: copy out the key with the self signed CA cert

	* Factor out private key operation out of the signing, operations,
	support import, export, and generation of private keys. Add
	support for writing PEM and PKCS12 files with private keys in them.

	* data/gen-req.sh: Generate a no password pkcs12 file.

2007-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Check for internal ASN1 encoder error.

2007-01-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Drop most of the pkcs11 files.

	* test_ca.in: test reissuing ca certificate (xxx time
	validAfter).

	* hxtool.c: Allow setting serialNumber (needed for reissuing
	certificates) Change --key argument to --out-key.

	* hxtool-commands.in (issue-certificate): Allow setting
	serialNumber (needed for reissuing certificates), Change --key
	argument to --out-key.

	* ref: Replace with Marcus Brinkmann of g10 Code GmbH pkcs11
	headerfile that is compatible with GPL (file taken from scute)

2007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Test to generate key and use them.

	* hxtool.c: handle other keys the pkcs10 requested keys

	* hxtool-commands.in: add generate key commands

	* req.c (_hx509_request_to_pkcs10): PKCS10 needs to have a subject

	* hxtool-commands.in: Spelling.

	* ca.c (hx509_ca_tbs_set_proxy): allow negative pathLenConstraint
	to signal no limit

	* ks_file.c: Try all formats on the binary file before giving up,
	this way we can handle binary rsa keys too.

	* data/key2.der: new test key

2007-01-04  David Love  <fx@gnu.org>

	* Makefile.am (hxtool_LDADD): Add libasn1.la

	* hxtool.c (pcert_verify): Fix format string.

2006-12-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Allow setting path length

	* cert.c: Fix test for proxy certs chain length, it was too
	restrictive.

	* data: regen

	* data/openssl.cnf: (proxy_cert) make length 0

	* test_ca.in: Issue a long living cert.

	* hxtool.c: add --lifetime to ca command.

	* hxtool-commands.in: add --lifetime to ca command.

	* ca.c: allow setting notBefore and notAfter.

	* test_ca.in: Test generation of proxy certificates.

	* ca.c: Allow generation of proxy certificates, always include
	BasicConstraints, fix error codes.

	* hxtool.c: Allow generation of proxy certificates.

	* test_name.c: make hx509_parse_name take a hx509_context.

	* name.c: Split building RDN to a separate function.

2006-12-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: clean test_ca files.

	* test_ca.in: test issuing self-signed and CA certificates.

	* hxtool.c: Add bits to allow issuing self-signed and CA
	certificates.

	* hxtool-commands.in: Add bits to allow issuing self-signed and CA
	certificates.

	* ca.c: Add bits to allow issuing CA certificates.

	* revoke.c: use new OCSPSigning.

	* ca.c: Add Subject Key Identifier.

	* ca.c: Add Authority Key Identifier.

	* cert.c: Locally export _hx509_find_extension_subject_key_id.
	Handle AuthorityKeyIdentifier where only authorityCertSerialNumber
	and authorityCertSerialNumber is set.

	* hxtool-commands.in: Add dnsname and rfc822 SANs.

	* test_ca.in: Test dnsname and rfc822 SANs.

	* ca.c: Add dnsname and rfc822 SANs.

	* hxtool.c: Add dnsname and rfc822 SANs.

	* test_ca.in: test adding eku, ku and san to the
	certificate (https and pk-init)

	* hxtool.c: Add eku, ku and san to the certificate.

	* ca.c: Add eku, ku and san to the certificate.

	* hxtool-commands.in: Add --type and --pk-init-principal

	* ocsp.asn1: remove id-kp-OCSPSigning, it's in rfc2459.asn1 now

2006-12-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: Add KeyUsage extension.

	* Makefile.am: add ca.c, add sign-certificate tests.

	* crypto.c: Add _hx509_create_signature_bitstring.

	* hxtool-commands.in: Add the sign-certificate tool.

	* hxtool.c: Add the sign-certificate tool.

	* cert.c: Add HX509_QUERY_OPTION_KU_KEYCERTSIGN.

	* hx509.h: Add hx509_ca_tbs and HX509_QUERY_OPTION_KU_KEYCERTSIGN.

	* test_ca.in: Basic test of generating a pkcs10 request, signing
	it and verifying the chain.

	* ca.c: Naive certificate signer.

2006-12-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: add hxtool_hex

2006-12-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: use top_builddir for libasn1.la

2006-12-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c (print_certificate): print serial number.

	* name.c (no): add S=stateOrProvinceName

2006-12-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (_hx509_private_key_assign_rsa): set a default sig alg

	* ks_file.c (try_decrypt): pass down AlgorithmIdentifier that key
	uses to do signatures so there is no need to hardcode RSA into this
	function.

2006-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c: Pass filename to the parse functions and use it in
	the error messages

	* test_chain.in: test proxy cert (third level)

	* hx509_err.et: fix errorstring for PROXY_CERT_NAME_WRONG

	* data: regen

	* Makefile.am: EXTRA_DIST: add
	data/proxy10-child-child-test.{key,crt}

	* data/gen-req.sh: Fix names and restrictions on the proxy
	certificates

	* cert.c: Clarify and make proxy cert handling work for multiple
	levels, before it was too restrictive. More helpful error message.

2006-12-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c (check_key_usage): tell what keyusages are missing

	* print.c: Split OtherName printing code to a oid lookup and print
	function.

	* print.c (Time2string): print hour as hour not min

	* Makefile.am: CLEANFILES += test

2006-12-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am (EXTRA_DIST): add data/pkinit-proxy* files

	* Makefile.am (EXTRA_DIST): add tst-crypto* files

	* cert.c (hx509_query_match_issuer_serial): make a copy of the
	data

	* cert.c (hx509_query_match_issuer_serial): allow matching on
	issuer and serial num

	* cert.c (_hx509_calculate_path): add flag to allow leaving out
	trust anchor

	* cms.c (hx509_cms_create_signed_1): when building the path, omit
	the trust anchors.

	* crypto.c (rsa_create_signature): Abort when signature is longer,
	not shorter.

	* cms.c: Provide time to _hx509_calculate_path so we don't send no
	longer valid certs to our peer.

	* cert.c (find_parent): when checking for certs and it's not a
	trust anchor, require time be in range.
	(_hx509_query_match_cert): Add time validity-testing to query mask

	* hx_locl.h: add time validity-testing to query mask

	* test_cms.in: Tests for CMS SignedData with incomplete chain from
	the signer.

2006-11-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c (hx509_cms_verify_signed): specify what signature we
	failed to verify

	* Makefile.am: Depend on LIB_com_err for AIX.

	* keyset.c: Remove another strndup that causes AIX to fall over.

	* cert.c: Don't check the trust anchors expiration time since they
	are transported out of band, from RFC3820.

	* cms.c: sprinkle more error strings

	* crypto.c: sprinkle more error strings

	* hxtool.c: use unsigned int as counter to fit better with the
	asn1 compiler

	* crypto.c: use unsigned int as counter to fit better with the
	asn1 compiler

2006-11-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Remove trailing white space.

	* crypto.c: rewrite comment to make more sense

	* crypto.c (hx509_crypto_select): check sig_algs[j]->key_oid

	* hxtool-commands.in (crypto-available): add --type

	* crypto.c (hx509_crypto_available): let alg pass if it's keyless

	* hxtool-commands.in: Expand crypto-select

	* cms.c: Rename hx509_select to hx509_crypto_select.

	* hxtool-commands.in: Add crypto-select and crypto-available.

	* hxtool.c: Add crypto-select and crypto-available.

	* crypto.c (hx509_crypto_available): use right index.
	(hx509_crypto_free_algs): new function

	* crypto.c (hx509_crypto_select): improve
	(hx509_crypto_available): new function

2006-11-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Sprinkle more error string and hx509_contexts.

	* cms.c: Sprinkle more error strings.

	* crypto.c: Sprinkle error string and hx509_contexts.

	* crypto.c: Add some more comments about how this works.

	* crypto.c (hx509_select): new function.

	* Makefile.am: add peer.c

	* hxtool.c: Update hx509_cms_create_signed_1.

	* hx_locl.h: add struct hx509_peer_info

	* peer.c: Allow selection of digest/sig-alg

	* cms.c: Allow selection of a better digest using hx509_peer_info.

	* revoke.c: Handle that _hx509_verify_signature takes a context.

	* cert.c: Handle that _hx509_verify_signature takes a context.

2006-11-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Sprinkle error strings.

	* crypto.c: Sprinkle context and error strings.

2006-11-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Handle printing and parsing raw oids in name.

2006-11-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c (_hx509_calculate_path): allow to calculate optimistic
	path when we don't know the trust anchors, just follow the chain
	upward until we no longer find a parent or we hit the max limit.

	* cms.c (hx509_cms_create_signed_1): provide a best effort path to
	the trust anchors to be stored in the SignedData packet, if find
	parents until trust anchor or max length.

	* data: regen

	* data/gen-req.sh: Build pk-init proxy cert.

2006-11-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* error.c (hx509_get_error_string): Put ", " between strings in
	error message.

2006-11-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/openssl.cnf: Change realm to TEST.H5L.SE

2006-11-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Sprinkle error strings.

2006-11-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: add context variable to cmp function.

	* cert.c (hx509_query_match_cmp_func): allow setting the match
	function.

2006-10-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Return less EINVAL.

	* hx509_err.et: add more pkcs11 errors

	* hx509_err.et: more error-codes

	* revoke.c: Return less EINVAL.

	* ks_dir.c: sprinkle more hx509_set_error_string

	* ks_file.c: Return less EINVAL.

	* hxtool.c: Pass in context to _hx509_parse_private_key.

	* ks_file.c: Sprinkle more hx509_context so we can return proper
	errors.

	* hx509_err.et: add HX509_PARSING_KEY_FAILED

	* crypto.c: Sprinkle more hx509_context so we can return proper
	errors.

	* collector.c: No more EINVAL.

	* hx509_err.et: add HX509_LOCAL_ATTRIBUTE_MISSING

	* cert.c (hx509_cert_get_base_subject): one less EINVAL
	(_hx509_cert_private_decrypt): one less EINVAL

2006-10-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* collector.c: indent

	* hxtool.c: Try to not leak memory.

	* req.c: clean memory before free

	* crypto.c (_hx509_private_key2SPKI): indent

	* req.c: Try to not leak memory.

2006-10-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Read 50 kilobyte random data

	* revoke.c: Try to not leak memory.

	* hxtool.c: Try to not leak memory.

	* crypto.c (hx509_crypto_destroy): free oid.

	* error.c: Clean error string on failure just to make sure.

	* cms.c: Try to not leak memory (again).

	* hxtool.c: use a sensible content type

	* cms.c: Try harder to free certificate.

2006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add make check data.

2006-10-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (p11_list_keys): make element of search_data[0]
	constants and set them later

	* Makefile.am: Add more files.

2006-10-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c: set ret, remember to free ivdata

2006-10-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: Include <parse_bytes.h>.

	* test_crypto.in: Test random-data.

	* hxtool.c: RAND_bytes() return 1 for cryptographic strong data,
	check for that.

	* Makefile.am: clean random-data

	* hxtool.c: Add random-data command, use sl_slc_help.

	* hxtool-commands.in: Add random-data.

	* ks_p12.c: Remember to release certs.

	* ks_p11.c: Remember to release certs.

2006-10-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* prefix der primitives with der_

	* lock.c: Match the prompt type PROMPT exact.

	* hx_locl.h: Drop heim_any.h

2006-10-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (p11_release_module): j needs to be used as inter loop
	index. From Douglas Engert.

	* ks_file.c (parse_rsa_private_key): try all passwords and
	prompter.

2006-10-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_*.in: Parameterise the invocation of hxtool, so we can make
	it run under TESTS_ENVIRONMENT. From Andrew Bartlett

2006-10-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Put all test stuck at 2006-09-25 since all their
	chains were valid then.

	* hxtool.c: Implement --time= option.

	* hxtool-commands.in: Add option time.

	* Makefile.am: test_name is a PROGRAM_TESTS

	* ks_p11.c: Return HX509_PKCS11_NO_SLOT when there are no slots
	and HX509_PKCS11_NO_TOKEN when there are no token. For use in PAM
	modules that want to detect when to use smartcard login and when
	not to. Patched based on code from Douglas Engert.

	* hx509_err.et: Add new pkcs11 related errors in a new section:
	keystore related error. Patched based on code from Douglas
	Engert.

2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Make dependency for slc built files just like
	everywhere else.

	* cert.c: Add all openssl algs and init asn1 et

2006-10-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c (parse_rsa_private_key): free type earlier.

	* ks_file.c (parse_rsa_private_key): free type after use

	* name.c (_hx509_Name_to_string): remove dup const

2006-10-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add more libs to libhx509

2006-10-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Fix double free's, NULL ptr de-reference, and conform
	better to pkcs11. From Douglas Engert.

	* ref: remove ^M, it breaks solaris 10s cc. From Harald Barth

2006-09-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Bleichenbacher bad cert from Ralf-Philipp
	Weinmann and Andrew Pyshkin, pad right.

	* data: starfield test root cert and Ralf-Philipp and Andreis
	correctly padded bad cert

2006-09-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Add test for yutaka certs.

	* cert.c: Add a strict rfc3280 verification flag. rfc3280 requires
	certificates to have KeyUsage.keyCertSign if they are to be used
	for signing of certificates, but the step in the verification is
	optional.

	* hxtool.c: Improve printing and error reporting.

2006-09-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in,Makefile.am,data/bleichenbacher-{bad,good}.pem:
	test bleichenbacher from eay

2006-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Make common function for all getarg_strings and
	hx509_certs_append commonly used.

	* cms.c: HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative
	flag, treat it as such.

2006-09-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* req.c: Use the new add_GeneralNames function.

	* hx509.h: Add HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.

	* ks_p12.c: Adapt to new signature of hx509_cms_unenvelope.

	* hxtool.c: Adapt to new signature of hx509_cms_unenvelope.

	* cms.c: Allow passing in encryptedContent and flag. Add new flag
	HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.

2006-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: cast void * to char * when using it for %s formatting
	in printf.

	* name.c: New function _hx509_Name_to_string.

2006-09-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c: Sprinkle error messages.

	* cms.c: Sprinkle even more error messages.

	* cms.c: Sprinkle some error messages.

	* cms.c (find_CMSIdentifier): only free string when we allocated
	one.

	* ks_p11.c: Don't build most of the pkcs11 module if there are no
	dlopen().

2006-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c (hx509_cms_unenvelope): try to save the error string from
	find_CMSIdentifier so we have one more bit of information what
	went wrong.

	* hxtool.c: More pretty printing, make verify_signed return the
	error string from the library.

	* cms.c: Try returning what certificates failed to parse or be
	found.

	* ks_p11.c (p11_list_keys): fetch CKA_LABEL and use it to set the
	friendlyname for the certificate.

2006-09-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c: check that there are no extra bytes in the checksum
	and that the parameters are NULL or the NULL-type. All to avoid
	having excess data that can be used to fake the signature.

	* hxtool.c: print keyusage

	* print.c: add hx509_cert_keyusage_print, simplify oid printing

	* cert.c: add _hx509_cert_get_keyusage

	* ks_p11.c: keep one session around for the whole life of the keyset

	* test_query.in: tests more selection

	* hxtool.c: improve pretty printing in print and query

	* hxtool{.c,-commands.in}: add selection on KU and printing to query

	* test_cms.in: Add cms test for digitalSignature and
	keyEncipherment certs.

	* name.c (no): Add serialNumber

	* ks_p11.c (p11_get_session): return better error messages

2006-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* ref: update to pkcs11 reference files 2.20

	* ks_p11.c: add more mechflags

	* name.c (no): add OU and sort

	* revoke.c: pass context to _hx509_create_signature

	* ks_p11.c (p11_printinfo): print proper plural s

	* ks_p11.c: save the mechs supported when initing the token, print
	them in printinfo.

	* hx_locl.h: Include <parse_units.h>.

	* cms.c: pass context to _hx509_create_signature

	* req.c: pass context to _hx509_create_signature

	* keyset.c (hx509_certs_info): print information about the keyset.

	* hxtool.c (pcert_print) print keystore info when --info flag is
	given.

	* hxtool-commands.in: Add hxtool print --info.

	* test_query.in: Test hxtool print --info.

	* hx_locl.h (hx509_keyset_ops): add printinfo

	* crypto.c: Start to hang the private key operations of the
	private key, pass hx509_context to create_checksum.

2006-05-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Iterate over all slots, not just the first/selected
	one.

2006-05-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Add release function for certificates so backend knows
	when it's no longer used.

	* ks_p11.c: Add reference counting on certificates, push out
	CK_SESSION_HANDLE from slot.

	* cms.c: sprinkle more hx509_clear_error_string

2006-05-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Sprinkle some hx509_set_error_strings

2006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Avoid shadowing.

	* revoke.c: Avoid shadowing.

	* ks_file.c: Avoid shadowing.

	* cert.c: Avoid shadowing.

2006-05-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lock.c (hx509_prompt_hidden): reshuffle to avoid gcc warning

	* hx509.h: Reshuffle the prompter types, remove the hidden field.

	* lock.c (hx509_prompt_hidden): return if the prompt should be
	hidden or not

	* revoke.c (hx509_revoke_free): allow free of NULL.

2006-05-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c (file_init): Avoid shadowing ret (and thus avoiding
	crashing).

	* ks_dir.c: Implement DIR: caches using FILE: caches.

	* ks_p11.c: Catch more errors.

2006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (hx509_crypto_encrypt): free correctly in error
	path. From Andrew Bartlett.

	* crypto.c: If RAND_bytes fails, then we will attempt to
	double-free crypt->key.data. From Andrew Bartlett.

2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Rename u_intXX_t to uintXX_t

2006-05-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: More to do about the PKCS11 code.

	* ks_p11.c: Use the prompter from the lock function.

	* lock.c: Deal with that hx509_prompt.reply is no longer a
	pointer.

	* hx509.h: Make hx509_prompt.reply not a pointer.

2006-05-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* keyset.c: Sprinkle setting error strings.

	* crypto.c: Sprinkle setting error strings.

	* collector.c: Sprinkle setting error strings.

	* cms.c: Sprinkle setting error strings.

2006-05-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_name.c: renamed one error code

	* name.c: renamed one error code

	* ks_p11.c: _hx509_set_cert_attribute changed signature

	* hxtool.c (pcert_print): use hx509_err so I can test it

	* error.c (hx509_set_error_stringv): clear errors on malloc
	failure

	* hx509_err.et: Add some more errors

	* cert.c: Sprinkle setting error strings.

	* cms.c: _hx509_path_append changed signature.

	* revoke.c: changed signature of _hx509_check_key_usage

	* keyset.c: changed signature of _hx509_query_match_cert

	* hx509.h: Add support for error strings.

	* cms.c: changed signature of _hx509_check_key_usage

	* Makefile.am: ibhx509_la_files += error.c

	* ks_file.c: Sprinkle setting error strings.

	* cert.c: Sprinkle setting error strings.

	* hx_locl.h: Add support for error strings.

	* error.c: Add string error handling functions.

	* keyset.c (hx509_certs_init): pass the right error code back

2006-04-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Revert previous patch.
	(hx509_ocsp_verify): new function that returns the expiration of
	certificate in ocsp data-blob

	* cert.c: Reverse previous patch, let's do it another way.

	* cert.c (hx509_revoke_verify): update usage

	* revoke.c: Make compile.

	* revoke.c: Add the expiration time the crl/ocsp info expire

	* name.c: Add hx509_name_is_null_p

	* cert.c: remove _hx509_cert_private_sigature

2006-04-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Expose more of Name.

	* hxtool.c (main): add missing argument to printf

	* data/openssl.cnf: Add EKU for the KDC certificate

	* cert.c (hx509_cert_get_base_subject): reject un-canon proxy
	certs, not the reverse
	(add_to_list): constify and fix argument order to
	copy_octet_string
	(hx509_cert_find_subjectAltName_otherName): make work

2006-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/{pkinit,kdc}.{crt,key}: pkinit certificates

	* data/gen-req.sh: Generate pkinit certificates.

	* data/openssl.cnf: Add pkinit glue.

	* cert.c (hx509_verify_hostname): implement stub function

2006-04-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: CRL delta support

2006-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/.cvsignore: ignore leftover from OpenSSL cert generation

	* hx509_err.et: Add name malformatted error

	* name.c (hx509_parse_name): don't abort on error, rather return
	error

	* test_name.c: Test failure parsing name.

	* cert.c: When verifying certificates, store subject basename for
	later consumption.

	* test_name.c: test to parse and print name and check that they
	are the same.

	* name.c (hx509_parse_name): fix length argument to printf string

	* name.c (hx509_parse_name): fix length argument to stringtooid, 1
	too short.

	* cert.c: remove debug printf's

	* name.c (hx509_parse_name): make compile pre c99

	* data/gen-req.sh: OpenSSL has a serious issue of user confusion
	-subj in -ca takes the arguments in LDAP order. -subj for x509
	takes it in x509 order.

	* cert.c (hx509_verify_path): handle the case where there are two
	proxy certs in a chain.

	* test_chain.in: enable two proxy certificates in a chain test

	* test_chain.in: tests proxy certificates

	* data: re-gen

	* data/gen-req.sh: build proxy certificates

	* data/openssl.cnf: add def for proxy10_cert

	* hx509_err.et: Add another proxy certificate error.

	* cert.c (hx509_verify_path): Need to mangle name to remove the CN
	of the subject, copying issuer only works for one level but is
	better than doing no checking at all.

	* hxtool.c: Add verify --allow-proxy-certificate.

	* hxtool-commands.in: add verify --allow-proxy-certificate

	* hx509_err.et: Add proxy certificate errors.

	* cert.c: Fix comment about subject name of proxy certificate.

	* test_chain.in: tests for proxy certs

	* data/gen-req.sh: gen proxy and non-proxy tests certificates

	* data/openssl.cnf: Add definition for proxy certs

	* data/*proxy-test.*: Add proxy certificates

	* cert.c (hx509_verify_path): verify proxy certificate have no san
	or ian

	* cert.c (hx509_verify_set_proxy_certificate): Add
	(*): rename policy cert to proxy cert

	* cert.c: Initial support for proxy certificates.

2006-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: some error checking

	* name.c: Switch over to asn1 generated oids.

	* TODO: merge with old todo file

2006-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_query.in: make quiet

	* test_req.in: SKIP test if there is no RSA support.

	* hxtool.c: print dh method too

	* test_chain.in: SKIP test if there is no RSA support.

	* test_cms.in: SKIP test if there is no RSA support.

	* test_nist.in: SKIP test if there is no RSA support.

2006-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool-commands.in: Allow passing in pool and anchor to
	signedData

	* hxtool.c: Allow passing in pool and anchor to signedData

	* test_cms.in: Test that certs in signed data is picked up.

	* hx_locl.h: Expose the path building function to internal
	functions.

	* cert.c: Expose the path building function to internal functions.

	* hxtool-commands.in: cms-envelope: Add support for choosing the
	encryption type

	* hxtool.c (cms_create_enveloped): Add support for choosing the
	encryption type

	* test_cms.in: Test generating des-ede3 aes-128 aes-256 enveloped
	data

	* crypto.c: Add names to cipher types.

	* cert.c (hx509_query_match_friendly_name): fix return value

	* data/gen-req.sh: generate tests for enveloped data using
	des-ede3 and aes256

	* test_cms.in: add tests for enveloped data using des-ede3 and
	aes256

	* cert.c (hx509_query_match_friendly_name): New function.

2006-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Add support for parsing slot-number.

	* crypto.c (oid_private_rc2_40): simply

	* crypto.c: Use oids from asn1 generator.

	* ks_file.c (file_init): reset length when done with a part

	* test_cms.in: check with test.combined.crt.

	* data/gen-req.sh: Create test.combined.crt.

	* test_cms.in: Test signed data using keyfile that is encrypted.

	* ks_file.c: Remove (commented out) debug printf

	* ks_file.c (parse_rsa_private_key): use EVP_get_cipherbyname

	* ks_file.c (parse_rsa_private_key): make working for one
	password.

	* ks_file.c (parse_rsa_private_key): Implement enough for
	testing.

	* hx_locl.h: Add <ctype.h>

	* ks_file.c: Add glue code for PEM encrypted password files.

	* test_cms.in: Add commented out password protected PEM file,
	remove password for those tests that don't need it.

	* test_cms.in: adapt test now that we can use any certificate and
	trust anchor

	* collector.c: handle PEM RSA PRIVATE KEY files

	* cert.c: Remove unused function.

	* ks_dir.c: move code here from ks_file.c now that it's no longer
	used.

	* ks_file.c: Add support for parsing unencrypted RSA PRIVATE KEY

	* crypto.c: Handle rsa private keys better.

2006-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Use hx509_cms_{,un}wrap_ContentInfo

	* cms.c: Make hx509_cms_{,un}wrap_ContentInfo usable in asn1
	un-aware code.

	* cert.c (hx509_verify_path): if trust anchor is not self signed,
	don't check sig From Douglas Engert.

	* test_chain.in: test "sub-cert -> sub-ca"

	* crypto.c: Use the right length for the sha256 checksums.

2006-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c: Fix breakage from sha256 code.

	* crypto.c: Add SHA256 support, and symbols for the other new
	SHA-2 types.

2006-04-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_cms.in: test rc2-40 rc2-64 rc2-128 enveloped data

	* data/test-enveloped-rc2-{40,64,128}: add tests cases for rc2

	* cms.c: Update prototypes changes for hx509_crypto_[gs]et_params.

	* crypto.c: Break out the parameter handling code for encrypting
	data to handle RC2. Needed for Windows 2k pk-init support.

2006-04-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Split libhx509_la_SOURCES into build file and
	distributed files so we can avoid building prototypes for
	build-files.

2006-04-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: split certificate request into pkcs10 and CRMF

	* hxtool-commands.in: Add nonce flag to ocsp-fetch

	* hxtool.c: control sending nonce

	* hxtool.c (request_create): store the request in a file, not in
	bitbucket.

	* cert.c: expose print_cert_subject internally

	* hxtool.c: Add ocsp_print.

	* hxtool-commands.in: New command "ocsp-print".

	* hx_locl.h: Include <hex.h>.

	* revoke.c (verify_ocsp): require issuer to match too.
	(free_ocsp): new function
	(hx509_revoke_ocsp_print): new function, print ocsp reply

	* Makefile.am: build CRMF files

	* data/key.der: needed for cert request test

	* test_req.in: adapt to rename of pkcs10-create to request-create

	* hxtool.c: adapt to rename of pkcs10-create to request-create

	* hxtool-commands.in: Rename pkcs10-create to request-create

	* crypto.c: (_hx509_parse_private_key): Avoid crashing on bad input.

	* hxtool.c (pkcs10_create): use opt->subject_string

	* hxtool-commands.in: Add pkcs10-create --subject

	* Makefile.am: Add test_req to tests.

	* test_req.in: Test for pkcs10 commands.

	* name.c (hx509_parse_name): new function.

	* hxtool.c (pkcs10_create): implement

	* hxtool-commands.in (pkcs10-create): Add arguments

	* crypto.c: Add _hx509_private_key2SPKI and support
	functions (only support RSA for now).

2006-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool-commands.in: Add pkcs10-create command.

	* hx509.h: Add hx509_request.

	* TODO: more stuff

	* Makefile.am: Add req.c

	* req.c: Create certificate requests, prototype converts the
	request in a pkcs10 packet.

	* hxtool.c: Add pkcs10_create

	* name.c (hx509_name_copy): new function.

2006-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: fill out what do

	* hxtool-commands.in: add pkcs10-print

	* hx_locl.h: Include <pkcs10_asn1.h>.

	* pkcs10.asn1: PKCS#10

	* hxtool.c (pkcs10_print): new function.

	* test_chain.in: test ocsp keyhash

	* data: generate ocsp keyhash version too

	* revoke.c (load_ocsp): test that we got back a BasicResponse

	* ocsp.asn1: Add asn1_id_pkix_ocsp*.

	* Makefile.am: Add asn1_id_pkix_ocsp*.

	* cert.c: Add HX509_QUERY_MATCH_KEY_HASH_SHA1

	* hx_locl.h: Add HX509_QUERY_MATCH_KEY_HASH_SHA1

	* revoke.c: Support OCSPResponderID.byKey, indent.

	* revoke.c (hx509_ocsp_request): Add nonce to ocsp request.

	* hxtool.c: Add nonce to ocsp request.

	* test_chain.in: Added crl tests

	* data/nist-data: rename missing-crl to missing-revoke

	* data: make ca use openssl ca command so we can add ocsp tests,
	and regen certs

	* test_chain.in: Add revoked ocsp cert test

	* cert.c: rename missing-crl to missing-revoke

	* revoke.c: refactor code, fix an un-init-ed variable

	* test_chain.in: rename missing-crl to missing-revoke add ocsp
	tests

	* test_cms.in: rename missing-crl to missing-revoke

	* hxtool.c: rename missing-crl to missing-revoke

	* hxtool-commands.in: rename missing-crl to missing-revoke

	* revoke.c: Plug one memory leak.

	* revoke.c: Renamed generic CRL related errors.

	* hx509_err.et: Comments and renamed generic CRL related errors

	* revoke.c: Add ocsp checker.

	* ocsp.asn1: Add id-kp-OCSPSigning

	* hxtool-commands.in: add url-path argument to ocsp-fetch

	* hxtool.c: implement ocsp-fetch

	* cert.c: Use HX509_DEFAULT_OCSP_TIME_DIFF.

	* hx_locl.h: Add ocsp_time_diff to hx509_context

	* crypto.c (_hx509_verify_signature_bitstring): new function,
	commonly used when checking certificates

	* cms.c (hx509_cms_envelope_1): check for internal ASN.1 encoder
	error

	* cert.c: Add ocsp glue, use new
	_hx509_verify_signature_bitstring, add eku checking function.

2006-03-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: add id_kp_OCSPSigning.x

	* revoke.c: Pick out certs in ocsp response

	* TODO: list of stuff to verify

	* revoke.c: Add code to load OCSPBasicOCSPResponse files, reload
	crl when it's changed on disk.

	* cert.c: Update for ocsp merge. handle building path w/o
	subject (using subject key id)

	* ks_p12.c: _hx509_map_file changed prototype.

	* file.c: _hx509_map_file changed prototype, returns struct stat
	if requested.

	* ks_file.c: _hx509_map_file changed prototype.

	* hxtool.c: Add stub for ocsp-fetch, _hx509_map_file changed
	prototype, add ocsp parsing to verify command.

	* hx_locl.h: rename HX509_CTX_CRL_MISSING_OK to
	HX509_CTX_VERIFY_MISSING_OK now that we have OCSP glue

2006-03-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: Add <krb5-types.h> to make it compile on Solaris,
	from Alex V. Labuta.

2006-03-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (_hx509_pbe_decrypt): try all passwords, not just the
	first one.

2006-03-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c (check_altName): Print the othername oid.

	* crypto.c: Manual page claims RSA_public_decrypt will return -1
	on error, let's check for that

	* crypto.c (_hx509_pbe_decrypt): also try the empty password

	* collector.c (match_localkeyid): no need to add back the cert to
	the cert pool, it's already there.

	* crypto.c: Add REQUIRE_SIGNER

	* cert.c (hx509_cert_free): ok to free NULL

	* hx509_err.et: Add new error code SIGNATURE_WITHOUT_SIGNER.

	* name.c (_hx509_name_ds_cmp): make DirectoryString case
	insensitive
	(hx509_name_to_string): less spacing

	* cms.c: Check for signature error, check consistency of error

2006-03-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* collector.c (_hx509_collector_alloc): handle errors

	* cert.c (hx509_query_alloc): allocate slightly more than a
	sizeof(pointer)

	* crypto.c (_hx509_private_key_assign_key_file): ask for password
	if nothing matches.

	* cert.c: Expose more of the hx509_query interface.

	* collector.c: hx509_certs_find is now exposed.

	* cms.c: hx509_certs_find is now exposed.

	* revoke.c: hx509_certs_find is now exposed.

	* keyset.c (hx509_certs_free): allow free-ing NULL
	(hx509_certs_find): expose
	(hx509_get_one_cert): new function

	* hxtool.c: hx509_certs_find is now exposed.

	* hx_locl.h: Remove hx509_query, it's exposed now.

	* hx509.h: Add hx509_query.

2006-02-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Add exceptions for null (empty) subjectNames

	* data/nist-data: Add some more name constraints tests.

	* data/nist-data: Add some of the test from 4.13 Name Constraints.

	* cert.c: Name constraints need to be evaluated in block as they
	appear in the certificates, they can not be joined to one
	list. One example of this is:

	- cert is cn=foo,dc=bar,dc=baz
	- subca is dc=foo,dc=baz with name restriction dc=kaka,dc=baz
	- ca is dc=baz with name restriction dc=baz

	If the name restrictions are merged to a list, the certificate
	will pass this test.

2006-02-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Handle more name constraints cases.

	* crypto.c (dsa_verify_signature): test if malloc failed

2006-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Drop partial pkcs12 string2key implementation.

2006-01-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/nist-data: Add commented out DSA tests (they fail).

	* data/nist-data: Add 4.2 Validity Periods.

	* test_nist.in: Make less verbose to use.

	* Makefile.am: Add test_nist_cert.

	* data/nist-data: Add some more CRL-tests.

	* test_nist.in: Print $id instead of . when running the tests.

	* test_nist.in: Drop verifying certificates, it's done in another
	test now.

	* data/nist-data: fixup kill-rectangle leftovers

	* data/nist-data: Drop verifying certificates, it's done in another
	test now. Add more crl tests. comment out all unused tests.

	* test_nist_cert.in: test parse all nist certs

2006-01-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION.

	* revoke.c: Check for unknown extensions in CRLs and CRLEntries.

	* test_nist.in: Parse new format to handle CRL info.

	* test_chain.in: Add --missing-crl.

	* name.c (hx509_unparse_der_name): Rename from hx509_parse_name.
	(_hx509_unparse_Name): Add.

	* hxtool-commands.in: Add --missing-crl to verify commands.

	* hx509_err.et: Add CRL errors.

	* cert.c (hx509_context_set_missing_crl): new function Add CRL
	handling.

	* hx_locl.h: Add HX509_CTX_CRL_MISSING_OK.

	* revoke.c: Parse and verify CRLs (simplistic).

	* hxtool.c: Parse CRL info.

	* data/nist-data: Change format so we can deal with CRLs, also
	note the test-id from PKITS.

	* data: regenerate test

	* data/gen-req.sh: use static-file to generate tests

	* data/static-file: new file to use for committed tests

	* test_cms.in: Use static file, add --missing-crl.

2006-01-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: It's cRLReason, not cRLReasons.

	* hxtool.c: Attach revoke context to verify context.

	* data/nist-data: change syntax to make match better with crl
	checks

	* cert.c: Verify no certificates have been revoked with the new
	revoke interface.

	* Makefile.am: libhx509_la_SOURCES += revoke.c

	* revoke.c: Add framework for handling CRLs.

	* hx509.h: Add hx509_revoke_ctx.

2006-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* delete crypto_headers.h, use global file instead.

	* crypto.c (PBE_string2key): libdes now supports PKCS12_key_gen

2006-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto_headers.h: Need BN_is_negative too.

2006-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (p11_rsa_public_decrypt): since is wrong, don't provide
	it. PKCS11 can't do public_decrypt, it supports verify though. All
	this doesn't matter, since the code never goes through this path.

	* crypto_headers.h: Provide glue to compile with less warnings
	with OpenSSL

2006-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Depend on LIB_des

	* lock.c: Use "crypto_headers.h".

	* crypto_headers.h: Include the two different implementation of
	crypto headers.

	* cert.c: Use "crypto-headers.h". Load ENGINE configuration.

	* crypto.c: Make compile with both OpenSSL and heimdal libdes.

	* ks_p11.c: Add code for public key decryption (not supported yet)
	and use "crypto-headers.h".

2006-01-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* add a hx509_context where we can store configuration

	* p11.c,Makefile.am: pkcs11 is now supported by library, remove
	old files.

	* ks_p11.c: more paranoid on refcount, set refcounter earlier,
	reset pointers after free

	* collector.c (struct private_key): remove temporary key data
	storage, convert directly to a key
	(match_localkeyid): match certificate and key using localkeyid
	(match_keys): match certificate and key using _hx509_match_keys
	(_hx509_collector_collect): rewrite to use match_keys and
	match_localkeyid

	* crypto.c (_hx509_match_keys): function that determines if a
	private key matches a certificate, used when there is no
	localkeyid.
	(*) reset free pointer

	* ks_file.c: Rewrite to use collector and mapping support
	function.

	* ks_p11.c (rsa_pkcs1_method): constify

	* ks_p11.c: drop extra wrapping of p11_init

	* crypto.c (_hx509_private_key_assign_key_file): use function to
	extract rsa key

	* cert.c: Revert previous, refcounter is unsigned, so it can never
	be negative.

	* cert.c (hx509_cert_ref): more refcount paranoia

	* ks_p11.c: Implement rsa_private_decrypt and add stubs for public
	ditto.

	* ks_p11.c: Less printf, less memory leaks.

	* ks_p11.c: Implement signing using pkcs11.

	* ks_p11.c: Partly assign private key, enough to complete
	collection, but not any crypto functionality.

	* collector.c: Use hx509_private_key to assign private keys.

	* crypto.c: Remove most of the EVP_PKEY code, and use RSA
	directly, this temporarily removes DSA support.

	* hxtool.c (print_f): print if there is a friendly name and if
	there is a private key

2006-01-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Avoid warning from missing __attribute__((noreturn))

	* lock.c (_hx509_lock_unlock_certs): return unlock certificates

	* crypto.c (_hx509_private_key_assign_ptr): new function, exposes
	EVP_PKEY
	(_hx509_private_key_assign_key_file): remember to free private key
	if there is one.

	* cert.c (_hx509_abort): add newline to output and flush stdout

	* Makefile.am: libhx509_la_SOURCES += collector.c

	* hx_locl.h: forward type declaration of struct hx509_collector.

	* collector.c: Support functions to collect certificates and
	private keys and then match them.

	* ks_p12.c: Use the new hx509_collector support functions.

	* ks_p11.c: Add enough glue to support certificate iteration.

	* test_nist_pkcs12.in: Less verbose.

	* cert.c (hx509_cert_free): if there is a private key associated
	with this cert, free it

	* print.c: Use _hx509_abort.

	* ks_p12.c: Use _hx509_abort.

	* hxtool.c: Use _hx509_abort.

	* crypto.c: Use _hx509_abort.

	* cms.c: Use _hx509_abort.

	* cert.c: Use _hx509_abort.

	* name.c: use _hx509_abort

2006-01-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c (hx509_name_to_string): don't cut bmpString in half.

	* name.c (hx509_name_to_string): don't overwrite with 1 byte with
	bmpString.

	* ks_file.c (parse_certificate): avoid stomping before array

	* name.c (oidtostring): avoid leaking memory

	* keyset.c: Add _hx509_ks_dir_register.

	* Makefile.am (libhx509_la_SOURCES): += ks_dir.c

	* hxtool-commands.in: Remove pkcs11.

	* hxtool.c: Remove pcert_pkcs11.

	* ks_file.c: Factor out certificate parsing code.

	* ks_dir.c: Add new keystore that treats all files in a directory
	as a keystore, useful for regression tests.

2005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_nist_pkcs12.in: Test parse PKCS12 files from NIST.

	* data/nist-data: Can handle DSA certificate.

	* hxtool.c: Print error code on failure.

2005-10-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c: Support DSA signature operations.

2005-10-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: Validate that issuerAltName and subjectAltName aren't
	empty.

2005-09-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* p11.c: Cast to unsigned char to avoid warning.

	* keyset.c: Register pkcs11 module.

	* Makefile.am: Add ks_p11.c, install hxtool.

	* ks_p11.c: Starting point of a pkcs11 module.

2005-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* lock.c: Implement prompter.

	* hxtool-commands.in: add --content to print

	* hxtool.c: Split verify and print.

	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.

	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
	for empty password.

	* name.c: Add DC, handle all Directory strings, fix signless
	problems.

2005-09-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_query.in: Pass in --pass to all commands.

	* hxtool.c: Use option --pass.

	* hxtool-commands.in: Add --pass to all commands.

	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER

	* test_cms.in: pass in password to cms-create-sd

	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
	later. Avoid signedness warnings with OpenSSL.

	* cms.c: Use void * instead of char * to avoid signedness
	issues

	* cert.c (hx509_cert_get_attribute): remove const, it's not

	* ks_p12.c: Cast size_t to unsigned long when print.

	* name.c: Fix signedness warning.

	* test_query.in: Use echo, the function check isn't defined here.

2005-08-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool-commands.in: Add more options that were missing.

2005-07-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_cms.in: Use --certificate= for enveloped/unenvelope.

	* hxtool.c: Use --certificate= for enveloped/unenvelope. Clean
	up.

	* test_cms.in: add EnvelopeData tests

	* hxtool.c: use id-envelopedData for ContentInfo

	* hxtool-commands.in: add contentinfo wrapping for create/unwrap
	enveloped data

	* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
	data

	* data/gen-req.sh: add enveloped data (aes128)

	* crypto.c: add "new" RC2 oid

2005-07-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
	caller to match by function, note that this doesn't not work
	directly for backends that implements ->query, they must do their
	own processing.
	(I'm running out of flags, only 12 left now)

	* test_cms.in: verify ContentInfo wrapping code in hxtool

	* hxtool-commands.in (cms_create_sd): support wrapping in content
	info spelling

	* hxtool.c (cms_create_sd): support wrapping in content info

	* test_cms.in: test more cms signeddata messages

	* data/gen-req.sh: generate SignedData

	* hxtool.c (cms_create_sd): support certificate store, add support
	to unwrap a ContentInfo the SignedData inside.

	* crypto.c: sprinkle rk_UNCONST

	* crypto.c: add DER NULL to the digest oid's

	* hxtool-commands.in: add --content-info to cms-verify-sd

	* cms.c (hx509_cms_create_signed_1): pass in a full
	AlgorithmIdentifier instead of heim_oid for digest_alg

	* crypto.c: make digest_alg a digest_oid, it's not needed right
	now

	* hx509_err.et: add CERT_NOT_FOUND

	* keyset.c (_hx509_certs_find): add error code for cert not
	found

	* cms.c (hx509_cms_verify_signed): add external store of
	certificates, use the right digest algorithm identifier.

	* cert.c: fix const warning

	* ks_p12.c: slightly less verbose

	* cert.c: add hx509_cert_find_subjectAltName_otherName, add
	HX509_QUERY_MATCH_FRIENDLY_NAME

	* hx509.h: add hx509_octet_string_list, remove bad comment

	* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME

	* keyset.c (hx509_certs_append): needs a hx509_lock, add one

	* Makefile.am: add test cases tempfiles to CLEANFILES

	* Makefile.am: add test_query to TESTS, fix dependency on hxtool
	sources on hxtool-commands.h

	* hxtool-commands.in: explain what signer is for create-sd

	* hxtool.c: add query, add more options to verify-sd and create-sd

	* test_cms.in: add more cms tests

	* hxtool-commands.in: add query, add more options to verify-sd

	* test_query.in: test query interface

	* data: fix filenames for ds/ke files, add pkcs12 files, regen

	* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc

2005-07-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c (hx509_verify_destroy_ctx): add

	* hxtool.c: free hx509_verify_ctx

	* name.c (_hx509_name_ds_cmp): make sure all strings are not equal

2005-07-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: return error

	* keyset.c: return errors from iterations

	* test_chain.in: clean up checks

	* ks_file.c (parse_certificate): return errno's not 1
	in case of error

	* ks_file.c (file_iter): make sure endpointer is NULL

	* ks_mem.c (mem_iter): follow conversion and return NULL when we
	get to the end, not ENOENT.

	* Makefile.am: test_chain depends on hxtool

	* data: test certs that last 10 years

	* data/gen-req.sh: script to generate test certs

	* Makefile.am: Add regression tests.

	* data: test certificate and keys

	* test_chain.in: test chain

	* hxtool.c (cms_create_sd): add KU digitalSignature as a
	requirement to the query

	* hx_locl.h: add KeyUsage query bits

	* hx509_err.et: add KeyUsage error

	* cms.c: add checks for KeyUsage

	* cert.c: more checks on KeyUsage, allow to query on them too

2005-07-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Add missing break.

	* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId

	* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
	_hx509_write_file.

	* file.c (_hx509_write_file): in case of write error, return errno

	* file.c (_hx509_write_file): add a function that writes a data
	blob to disk too

	* Fix id-tags

	* Import mostly complete X.509 and CMS library. Handles PEM, DER,
	PKCS12 encoded certificates. Verifies RSA chains and handles
	CMS's SignedData and EnvelopedData.