| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Removed all FIXME comments in code [ci skip] | Nikos Mavrogiannopoulos | 2019-03-16 | 1 | -2/+2 |
| | We expand informational comments on limitations, but with removing FIXME (keyword didn't help fixing these), and remove completely unhelpful comments, obsolete ones, or comments about ideas. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | | | | |
* | Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 1 | -1/+1 |
| | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> | | | | |
* | Remove redundant resets of variables after free() | Tim Rühsen | 2019-02-22 | 1 | -1/+0 |
| | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> | | | | |
* | Added test about rsa decryption under pkcs11 | Nikos Mavrogiannopoulos | 2018-11-30 | 1 | -1/+2 |
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | | | | |
* | lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA [ckm-eddsa] | Dmitry Eremin-Solenikov | 2018-11-28 | 1 | -0/+2 |
| | pkcs11 support code uses several definitions from forthcoming PKCS#11 standard version. Older p11-kit versions do not provide these definitions. Detect and disable code supporting EdDSA if compiling GnuTLS with older p11-kit library. Closes #626 Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Fixes: 88377775a3eff679a9ec60ab9bfc6b3c683a0407 Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | | | | |
* | Add support for EDDSA/Ed25519 object support via PKCS#11 | Simo Sorce | 2018-11-19 | 1 | -0/+48 |
| | Tested with softHSM 2.5.0 Resolves #417 Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | | | | |
* | p11tool: fix initialization of security officer's PIN [tmp-initialize-so-pin-fix] | Nikos Mavrogiannopoulos | 2018-10-24 | 1 | -6/+34 |
| | Previously we would call gnutls_pkcs11_token_set_pin() without an old PIN provided, which will result in the use of C_InitPIN() on the underlying module. The C_InitPIN() in contrast with C_SetPIN() will only work for the user and not for the administrator. As such, we always provide the oldpin for when we change the admin's PIN. Resolves #561 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | | | | |
* | pcert: added functionality to retrieve lists | Nikos Mavrogiannopoulos | 2018-05-12 | 1 | -4/+6 |
| | That introduces gnutls_pcert_list_import_x509_file() and gnutls_x509_crt_list_import_url(). Resolves #373 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | | | | |
* | pkcs11: mark private key objects as sensitive by default [tmp-pkcs11-sensitive-fix] | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -9/+13 |
| | That is, to prevent accidentally creating objects which can be exported. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | | | | |
* | gnutls_pk_params_st: separate flags/qbits and curve | Nikos Mavrogiannopoulos | 2017-08-08 | 1 | -1/+1 |
| | Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | | | | |
* | pkcs11: added support for signatures with RSA-PSS | Nikos Mavrogiannopoulos | 2017-08-03 | 1 | -0/+3 |
| | Relates #209 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | | | | |
* | pkcs11: do not set leading zeros on integers | Nikos Mavrogiannopoulos | 2017-06-12 | 1 | -13/+14 |
| | PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literally by some HSMs which do not accept an integer with a leading zero. Resolves: #215 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | | | | |
* | pkcs11: forbid PKCS#11 extensions to be used in other than trust modules | Nikos Mavrogiannopoulos | 2016-09-27 | 1 | -20/+12 |
| | That is, only use the CKA_X_DISTRUSTED and the extension override in p11-kit trust modules, to avoid conflicts with potentially other PKCS#11 extensions. | | | | |
* | pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED | Nikos Mavrogiannopoulos | 2016-09-26 | 1 | -0/+7 |
| | This allows to mark objects as distrusted, as well as to be able to list distrusted objects. | | | | |
* | several spacing fixes to keep syntax-check happy | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -5/+5 |
* | Corrected the writing of serial number in PKCS#11 modules | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+9 |
| | That is, previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek. | | | | |
* | pkcs11: use ctx as variable name for ck_object_handle_t for clarity | Nikos Mavrogiannopoulos | 2016-06-03 | 1 | -11/+11 |
* | gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -1/+1 |
* | gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -5/+5 |
| | Previously only RSA objects were correctly written. | | | | |
* | pkcs11: introduced gnutls_pkcs11_copy_pubkey | Nikos Mavrogiannopoulos | 2015-10-16 | 1 | -0/+259 |
| | That allows copying a public key to a PKCS #11 module. | | | | |
* | pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate | Nikos Mavrogiannopoulos | 2015-10-15 | 1 | -2/+16 |
| | That allows NSS to read and use the written certificate. Relates #43 | | | | |
* | Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -3/+3 |
* | Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info | Nikos Mavrogiannopoulos | 2015-07-10 | 1 | -4/+4 |
| | That allows to obtain the shared module name of a token URL. | | | | |
* | doc updates | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -7/+13 |
* | pkcs11: use key_usage to set the appropriate flags | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -2/+53 |
* | enhanced copy functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2015-03-30 | 1 | -33/+48 |
* | gnutls_pkcs11_copy_x509_privkey: increase size for attributes | Nikos Mavrogiannopoulos | 2015-03-28 | 1 | -1/+1 |
* | pkcs11: added flags to mark keys as not-being signable or decryptable | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -4/+14 |
| | That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during generation or write of keys. | | | | |
* | pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -1/+14 |
* | Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs | Nikos Mavrogiannopoulos | 2014-12-23 | 1 | -7/+7 |
* | pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -0/+12 |
* | pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -1/+8 |
* | pkcs11: eliminated the need for struct token_info | Nikos Mavrogiannopoulos | 2014-11-06 | 1 | -4/+4 |
* | added gnutls_pkcs11_copy_attached_extension() | Nikos Mavrogiannopoulos | 2014-09-12 | 1 | -35/+147 |
* | set CKA_EC_PARAMS when generating an ECDSA key | Nikos Mavrogiannopoulos | 2014-07-07 | 1 | -1/+1 |
* | Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. | Nikos Mavrogiannopoulos | 2014-06-16 | 1 | -0/+9 |
| | That flag allows to mark a certificate in the token as a CA (category==CA) | | | | |
* | initialize the size value | Nikos Mavrogiannopoulos | 2014-04-28 | 1 | -0/+1 |
* | unified PKCS#11 debug messages | Nikos Mavrogiannopoulos | 2014-01-02 | 1 | -8/+8 |
* | do not specify a default class when searching for objects to delete | Nikos Mavrogiannopoulos | 2013-12-23 | 1 | -5/+5 |
| | This fixed issue when trying to delete all the keys in a token by using the token URL. | | | | |
* | pkcs11_get_random was renamed | Nikos Mavrogiannopoulos | 2013-12-21 | 1 | -1/+1 |
* | ensure that all the exported pkcs11 functions initialize PKCS #11. | Nikos Mavrogiannopoulos | 2013-12-09 | 1 | -0/+12 |
* | Improvements in PKCS #11 support. | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -3/+7 |
| | Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer. The latter function allows to obtain the issuer of a certificate stored in a token. While traversing tokens, use the URL provided by the user, to avoid looking for objects in unrelated tokens. | | | | |
* | simplified gnutls_pkcs11_copy_x509_crt() | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -10/+2 |
* | reindented code | Nikos Mavrogiannopoulos | 2013-11-08 | 1 | -736/+694 |
* | simplified code | Nikos Mavrogiannopoulos | 2013-10-30 | 1 | -4/+1 |
* | get random data from pkcs#11 tokens | Wolfgang Meyer zu Bergsten | 2013-10-25 | 1 | -0/+61 |
| | Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com> | | | | |
* | Use LGPLv2.1 in the files their authors agreed to. | Nikos Mavrogiannopoulos | 2013-02-03 | 1 | -1/+1 |
* | GNUTLS_PKCS11_PIN -> GNUTLS_PIN | Nikos Mavrogiannopoulos | 2012-07-21 | 1 | -2/+2 |
* | Added PIN callbacks in structures that may require PIN access to override the global callbacks. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -4/+4 |
* | PIN callback function was made more generic than PKCS #11. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -1/+1 |