Priit Laes
0b4b7fbaf0
openssl: Drop all compatibility checks for <=openssl-1.0.0
2020-01-06 15:47:07 +01:00
Julian Strobl
e9aa163fe5
pkcs11-tool: fix output of test_decrypt
...
Before the output looked like this, if a public key was not found:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
RSA-X-509: RSA-PKCS: testing key 3 (IDKey4)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
```
Now:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3) -- can't find corresponding public key, skipping
testing key 3 (IDKey4) -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
Julian Strobl
81940e123b
pkcs11-tool: align output for test_signature
...
Before it was a bit confusing, e.g.:
```
testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
RSA-X-509: OK
couldn't find the corresponding pubkey
testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
```
The error message in line 3 is for IDKey3 and not for IDKey2.
With this patch the output is aligned with `test_verify`:
```
testing key 1 (IDKey2) with 1 mechanism
RSA-X-509: OK
testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
Frank Morgner
07cff0e168
fixed 341844 Incorrect deallocator used
2019-11-05 21:49:30 +01:00
Frank Morgner
53ff7182fb
pkcs11-tool: disable wrap/unwrap test ( #1808 )
...
... until https://github.com/OpenSC/OpenSC/issues/1796 is resolved
2019-10-01 11:52:33 +02:00
Frank Morgner
e2491a7d7f
pkcs11-tool: fixed displaying secret key attributes ( #1807 )
...
fixes https://github.com/OpenSC/OpenSC/issues/1805
2019-10-01 11:51:55 +02:00
Frank Morgner
25bc8fc167
fix https://github.com/OpenSC/OpenSC/issues/1786
...
Thanks to Alexandre Gonzalo
2019-09-16 13:06:38 +02:00
Raul Metsma
3a192e2c87
pkcs11-tool: Add extractable option to key import
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-06-03 10:59:58 +02:00
Doug Engert
a2dd500624
Fix pkcs11-tool encryption error Fix #1694
...
Make sure data being encrypted is less then the modulus.
On branch pkcs11-tool-encryption
Changes to be committed:
modified: ../tools/pkcs11-tool.c
2019-05-31 14:16:24 +02:00
Jakub Jelen
e501c5ae81
Unbreak build without OpenSSL
2019-05-21 18:44:06 +02:00
Frank Morgner
e275b34269
fixed 339157 Unused value
2019-05-14 14:50:17 +02:00
Frank Morgner
86ba3ea489
fixed Wrong type of arguments to formatting function
2019-05-02 10:08:28 +02:00
Frank Morgner
8382f243b2
fixed 337891 Out-of-bounds write
2019-04-25 15:44:11 +02:00
Frank Morgner
bfa94dc90d
Merge pull request #1600 from AlexandreGonzalo/trustonic_pkcs11
2019-04-25 14:51:54 +02:00
alegon01
e21cb5712c
Fix in encrypt_decrypt(), initialize the mgf
2019-04-24 14:03:35 +02:00
Dmitriy Fortinskiy
8cf1e6f769
pkcs11-tool: List supported GOST mechanisms
2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
a5382d32fd
pkcs11-tool: Show GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
0e12b1dc71
pkcs11-tool: Generate GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
4614beb87e
pkcs11-tool: Add keys access flags
2019-04-17 16:40:41 +02:00
Raul Metsma
91a1dd9af4
Option to delete object by index
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:38:40 +02:00
Raul Metsma
3935d501bf
Implement Secret Key write object
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:37:49 +02:00
Frank Morgner
fe95520e3e
explicitly import libpkcs11.h
2019-04-08 11:16:13 +02:00
Jakub Jelen
fc4d600634
pkcs11-tool: Allow to set CKA_ALLOWED_MECHANISMS when creating an objects
...
Also list them in the attributes listing
2019-04-08 11:15:19 +02:00
alegon01
f631b5f733
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:39:52 +02:00
alegon01
4913feadb8
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:38:12 +02:00
alegon01
31831c300b
Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits.
2019-03-12 08:52:06 +01:00
alegon01
728d099a53
FIX typo OpenSSL vs OpenSsl.
2019-03-06 11:35:11 +01:00
alegon01
b327b76134
FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt().
2019-03-06 10:26:05 +01:00
Frank Morgner
ba185954c5
fixed 333709 Unchecked return value
2019-03-06 00:42:38 +01:00
alegon01
7271fe610b
Add support for the OpenSsl signature format for the signature verification.
2019-02-18 16:03:41 +01:00
alegon01
9ae507c5f8
Fix indentation.
2019-02-12 14:09:26 +01:00
alegon01
b63a868e68
Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined.
2019-02-12 10:42:39 +01:00
alegon01
973625773b
Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a.
2019-02-07 10:42:48 +01:00
alegon01
084624f340
Fix CKM_RSA_PKCS in encrypt_decrypt().
2019-02-05 12:03:51 +01:00
alegon01
9aa413bd7e
Fix CKM_RSA_X_509 encrypt_decrypt(). Improve the code for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP. For these alogs, only CKM_SHA_1 is supported.
2019-02-05 11:35:42 +01:00
alegon01
d25fbe3cec
Remove 2 useless comments in encrypt_decrypt().
2019-02-05 11:24:33 +01:00
alegon01
3d09823df0
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined. Fix formatting.
2019-02-04 14:26:02 +01:00
alegon01
f030aa2c25
Add support for CKM_RSA_X_509 in encrypt_decrypt() and decrypt_data().
2019-02-04 14:23:13 +01:00
alegon01
9b7605ff3c
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). Only set the OAEP params for CKM_RSA_PKCS_OAEP, I had an issue with a variable not initialized.
2019-02-01 15:27:55 +01:00
alegon01
cf617da4bd
Before calling encrypt_decrypt() make sure that the mechanism is for RSA and supports decryption, otherwise skip it.
2019-02-01 11:37:47 +01:00
alegon01
2be799f739
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). fix formatting.
2019-02-01 11:35:25 +01:00
alegon01
16ca73ae40
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal().
2019-02-01 11:19:33 +01:00
alegon01
968bfa8444
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt().
2019-02-01 09:16:59 +01:00
alegon01
ff3448fb18
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined.
2019-02-01 09:13:21 +01:00
alegon01
f412995811
Bug fix in verify_signature() when the buffer to verify is larger than 1025 bytes. In this case, the signature length given to C_VerifyFinal() was incorrect.
2019-02-01 09:10:02 +01:00
opensignature
84f0a88edb
Remove postecert and infocamere support because no longer issued ( #1584 )
...
* Remove postecert and infocamere support because no longer issued
* Remove wrong changes
* reset NEWS
* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates
* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp
* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
2019-01-30 22:01:24 +01:00
Frank Morgner
993f6f5cc6
Use opensc-pkcs11.so for static build of pkcs11-tool
...
Statically link opensc-pkcs11 into pkcs11-tool with --disable-shared
2019-01-30 21:57:59 +01:00
Frank Morgner
4b30858092
pkcs11-tool: fixed argument type
...
reported by lgtm
2019-01-20 23:02:21 +01:00
Martin Paljak
c3a9837b10
Add mechanisms used by SoftHSM2
...
/Library/OpenSC/bin/pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -M
will not show any more numeric mechanisms.
Source: https://www.cryptsoft.com/pkcs11doc/STANDARD/include/v240e01/pkcs11t.h
2019-01-15 13:07:58 +02:00
Mat
e19fe680c4
Add object type "secrkey" to help of --type switch in pkcs11-tool ( #1575 )
...
* Add object type "secrkey" to help of --type switch in pkcs11-tool
Reading an object with pkcs11-tool requires the `--type` switch. The help for that switch is currently incomplete as it is missing the (not very friendly named" *secrkey* option used to read out a secret key object.
I have added this information to the help description.
* Update man page
Describe secrkey option of pkcs11-tool's --type switch in man page
2019-01-15 07:32:41 +01:00