path: root/lib/pkcs11_write.c
Commit message | Author | Age | Files | Lines
* Removed all FIXME comments in code [ci skip] | Nikos Mavrogiannopoulos | 2019-03-16 | 1 | -2/+2
  We expand informational comments on limitations, but with removing FIXME (keyword didn't help fixing these), and remove completely unhelpful comments, obsolete ones, or comments about ideas.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 1 | -1/+1
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Remove redundant resets of variables after free() | Tim Rühsen | 2019-02-22 | 1 | -1/+0
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Added test about rsa decryption under pkcs11 | Nikos Mavrogiannopoulos | 2018-11-30 | 1 | -1/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA [ref: ckm-eddsa] | Dmitry Eremin-Solenikov | 2018-11-28 | 1 | -0/+2
  pkcs11 support code uses several definitions from forthcoming PKCS#11 standard version. Older p11-kit versions do not provide these definitions. Detect and disable code supporting EdDSA if compiling GnuTLS with older p11-kit library.
  Closes #626
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  Fixes: 88377775a3eff679a9ec60ab9bfc6b3c683a0407
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Add support for EDDSA/Ed25519 object support via PKCS#11 | Simo Sorce | 2018-11-19 | 1 | -0/+48
  Tested with softHSM 2.5.0
  Resolves #417
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* p11tool: fix initialization of security officer's PIN [ref: tmp-initialize-so-pin-fix] | Nikos Mavrogiannopoulos | 2018-10-24 | 1 | -6/+34
  Previously we would call gnutls_pkcs11_token_set_pin() without an old PIN provided, which will result in the use of C_InitPIN() on the underlying module. The C_InitPIN(), in contrast with C_SetPIN(), will only work for the user and not for the administrator. As such, we always provide the oldpin for when we change the admin's PIN.
  Resolves #561
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pcert: added functionality to retrieve lists | Nikos Mavrogiannopoulos | 2018-05-12 | 1 | -4/+6
  That introduces gnutls_pcert_list_import_x509_file() and gnutls_x509_crt_list_import_url().
  Resolves #373
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* pkcs11: mark private key objects as sensitive by default [ref: tmp-pkcs11-sensitive-fix] | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -9/+13
  That is, to prevent accidentally creating objects which can be exported.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_pk_params_st: separate flags/qbits and curve | Nikos Mavrogiannopoulos | 2017-08-08 | 1 | -1/+1
  Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: added support for signatures with RSA-PSS | Nikos Mavrogiannopoulos | 2017-08-03 | 1 | -0/+3
  Relates #209
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: do not set leading zeros on integers | Nikos Mavrogiannopoulos | 2017-06-12 | 1 | -13/+14
  PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literally by some HSMs which do not accept an integer with a leading zero.
  Resolves: #215
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: forbid PKCS#11 extensions to be used in other than trust modules | Nikos Mavrogiannopoulos | 2016-09-27 | 1 | -20/+12
  That is, only use the CKA_X_DISTRUSTED and the extension override in p11-kit trust modules, to avoid conflicts with potentially other PKCS#11 extensions.
* pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED | Nikos Mavrogiannopoulos | 2016-09-26 | 1 | -0/+7
  This allows to mark objects as distrusted, as well as to be able to list distrusted objects.
* several spacing fixes to keep syntax-check happy | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -5/+5
* Corrected the writing of serial number in PKCS#11 modules | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+9
  That is, previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek.
* pkcs11: use ctx as variable name for ck_object_handle_t for clarity | Nikos Mavrogiannopoulos | 2016-06-03 | 1 | -11/+11
* gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -1/+1
* gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -5/+5
  Previously only RSA objects were correctly written.
* pkcs11: introduced gnutls_pkcs11_copy_pubkey | Nikos Mavrogiannopoulos | 2015-10-16 | 1 | -0/+259
  That allows copying a public key to a PKCS #11 module.
* pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate | Nikos Mavrogiannopoulos | 2015-10-15 | 1 | -2/+16
  That allows NSS to read and use the written certificate.
  Relates #43
* Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -3/+3
* Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info | Nikos Mavrogiannopoulos | 2015-07-10 | 1 | -4/+4
  That allows to obtain the shared module name of a token URL.
* doc updates | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -7/+13
* pkcs11: use key_usage to set the appropriate flags | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -2/+53
* enhanced copy functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2015-03-30 | 1 | -33/+48
* gnutls_pkcs11_copy_x509_privkey: increase size for attributes | Nikos Mavrogiannopoulos | 2015-03-28 | 1 | -1/+1
* pkcs11: added flags to mark keys as not-being signable or decryptable | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -4/+14
  That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during generation or write of keys.
* pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -1/+14
* Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs | Nikos Mavrogiannopoulos | 2014-12-23 | 1 | -7/+7
* pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -0/+12
* pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -1/+8
* pkcs11: eliminated the need for struct token_info | Nikos Mavrogiannopoulos | 2014-11-06 | 1 | -4/+4
* added gnutls_pkcs11_copy_attached_extension() | Nikos Mavrogiannopoulos | 2014-09-12 | 1 | -35/+147
* set CKA_EC_PARAMS when generating an ECDSA key | Nikos Mavrogiannopoulos | 2014-07-07 | 1 | -1/+1
* Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. | Nikos Mavrogiannopoulos | 2014-06-16 | 1 | -0/+9
  That flag allows to mark a certificate in the token as a CA (category==CA).
* initialize the size value | Nikos Mavrogiannopoulos | 2014-04-28 | 1 | -0/+1
* unified PKCS#11 debug messages | Nikos Mavrogiannopoulos | 2014-01-02 | 1 | -8/+8
* do not specify a default class when searching for objects to delete | Nikos Mavrogiannopoulos | 2013-12-23 | 1 | -5/+5
  This fixed an issue when trying to delete all the keys in a token by using the token URL.
* pkcs11_get_random was renamed | Nikos Mavrogiannopoulos | 2013-12-21 | 1 | -1/+1
* ensure that all the exported pkcs11 functions initialize PKCS #11. | Nikos Mavrogiannopoulos | 2013-12-09 | 1 | -0/+12
* Improvements in PKCS #11 support. | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -3/+7
  Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer. The latter function allows to obtain the issuer of a certificate stored in a token. While traversing tokens, use the URL provided by the user, to avoid looking for objects in unrelated tokens.
* simplified gnutls_pkcs11_copy_x509_crt() | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -10/+2
* reindented code | Nikos Mavrogiannopoulos | 2013-11-08 | 1 | -736/+694
* simplified code | Nikos Mavrogiannopoulos | 2013-10-30 | 1 | -4/+1
* get random data from pkcs#11 tokens | Wolfgang Meyer zu Bergsten | 2013-10-25 | 1 | -0/+61
  Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* Use LGPLv2.1 in the files their authors agreed to. | Nikos Mavrogiannopoulos | 2013-02-03 | 1 | -1/+1
* GNUTLS_PKCS11_PIN -> GNUTLS_PIN | Nikos Mavrogiannopoulos | 2012-07-21 | 1 | -2/+2
* Added PIN callbacks in structures that may require PIN access to override the global callbacks. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -4/+4
* PIN callback function was made more generic than PKCS #11. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -1/+1