Skip to content
Snippets Groups Projects

DNSSEC PKCS11 support

Merged Jan Včelák requested to merge dnssec-hsm into master

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Jan Včelák Added 193 commits:

    Added 193 commits:

    • 2ce2a757...7e8072e2 - 127 commits from branch master
    • 512b2030 - dnssec: pkcs11 placeholder API
    • c013881b - dnssec: manual pkcs11 initialization
    • cbd12e04 - dnssec: add DNSSEC_PKCS11_FAILED_TO_LOAD
    • 2836f2f3 - dnssec: add cleanup macro for gnutls_pubkey_t
    • abc390f9 - dnssec: PKCS11 generate key with fixed CKA_ID
    • 768052bc - dnssec: initial unit tests for PKCS11 interface
    • 22cc3bdc - dnssec: conditional compilation of PKCS11 support
    • 9cf192fa - dnssec: dnssec_key_t remove key ID
    • af23f7a1 - dnssec: key ID required to import private key from keystore
    • a73b2907 - dnssec: fix missing includes
    • f12c5d00 - dnssec: KASP store key ID in dnssec_kasp_key_t
    • 54f95867 - dnssec: keymgr, update to new key ID location
    • c2765dff - dnssec/tests: validate empty zone in KASP zone_load callback
    • 81dd3656 - dnssec: validate zone before serializing into KASP
    • 80610225 - server: adapt to new key loading API
    • 6f68da36 - online signing: adapt to new key loading API
    • cef80ba4 - dnssec: fix gnutls_pkcs11_privkey_generate3 detection
    • b3799a65 - dnssec: PKCS11, generate key with random CKA_ID
    • 82f978ac - dnssec: PKCS11, generate key unique URL
    • 85f5a892 - dnssec: PKCS11, delete key from token
    • bc3a9659 - dnssec: PKCS11, load private key
    • c0d7ffe2 - dnssec: PKCS11, refactor variable names
    • 0b4f52c5 - dnssec: pkcs11 keystore close is no-op
    • 59edb801 - dnssec: pkcs11, implement keystore content listing
    • df6b0e67 - dnssec: pkcs11 key delete, fix error code processing
    • bc6eee03 - indicate PKCS 11 supported in configure summary
    • 1ce8d660 - libtap: add test_mkdtemp() and test_rm_rf()
    • adaa36bf - dnssec: conditional PKCS 11 crypto initialization
    • 98a55ce4 - dnssec: tests for PKCS 11 keystore
    • f9b4fa5f - dnssec: fix leak in PKCS 11 keystore deinit
    • 08452521 - dnssec: remove unused context variable
    • ed1c42c4 - dnssec: tidy up the internal PEM interface
    • 72cec143 - dnssec: fix config name in PKCS 11 test
    • 41e91c85 - dnssec: prepare for internal keyid API
    • cc0f4df8 - dnssec: key ID conversions for GnuTLS in internal API
    • e3e4a5a8 - dnssec: PEM, use new key ID API
    • c46dfcac - dnssec: fix typo in tests
    • c0a9cea5 - dnssec: add expected signature into PKCS 11 test
    • 15f61248 - dnssec: share flags for all objects added to PKCS 11 token
    • 320883f1 - dnssec: implement key import into PKCS 11 token
    • 1c3fb5ce - dnssec: fix error code for invalid key lookup in PKCS11 token
    • 934aa2bf - dnssec: use default GnuTLS key ID flags
    • 7ea80342 - dnssec: skelet for KASP keystore entity
    • 6f152e46 - dnssec: add tests for KASP keystore
    • 37c8a4c1 - dnssec: fix memory leak in dnssec_kasp_keystore_free
    • 05440fc8 - dnssec: KASP dir storage, keystore placeholder implementation
    • be84ffbc - dnssec: refactor entity access in KASP dir implementation
    • b759e27e - dnssec: remove KASP dir store implementation from module scope
    • c54c6bc3 - dnssec: add kasp_keystore_cleanup into internal API
    • 9dd60a7e - dnssec: KASP string attribute encoding in JSON
    • 23c32c12 - dnssec: KASP keystore serialization
    • 2ea0fe47 - dnssec: fix JSON string serialization
    • 21e3f572 - dnssec: fix configuration path construction in KASP dir storage
    • 1d85cc2b - dnssec: internal API providing KASP base path
    • fa416144 - dnssec: interface to open key store from the KASP configuration
    • 40e2f321 - dnssec: add 'manual' flag into policy
    • 8c298aa4 - dnssec: algorithm aware default policy
    • 2f7ce9c5 - server: manual policy based on libdnssec defaults
    • 82cf91aa - fix different enum values comparison
    • 454ba99d - dnssec: fix key ID setting in automatic key generating
    • 980bf56f - dnssec: set keystore in policy
    • c4ab2569 - dnssec: use constants for backend specification
    • 3e485752 - dnssec: require module name in PKCS 11 config
    • 5a70bb8c - server: pick correct dnssec keystore
    • 6a9a6a58 - dnssec: remove useless comment
    • a4c56124 - dnssec: fix shared linking by moving keyid to shared
    Toggle commit list
  • Jan Včelák Added 6 commits:

    Added 6 commits:

    • 240976b4 - dnssec: more details in keymgr keystore show
    • 88f68903 - dnssec: keymgr man, provide new description of keystore subcommand
    • d3051aff - dnssec: keymgr man, init command adds default policy and default key store
    • cd196686 - dnssec: keymgr man, add new policy attributes
    • 42acb42a - dnssec: keymgr man, fix wrapping of long commands
    • 6ec6a9b3 - dnssec: keymgr man, regenerate manual page
    Toggle commit list
  • Jan Včelák Added 4 commits:

    Added 4 commits:

    • cf516272 - doc: DNSSEC changes realted to new keystore support
    • 2e64ea6d - dnssec: switch default algorithm to ECDSA-P256-SHA256
    • 85523853 - doc: new default DNSSEC algorithm
    • 958d641e - doc: add new DNSSEC policy options
    Toggle commit list
  • Jan Včelák Added 6 commits:

    Added 6 commits:

    • e0ad606e - dnssec: keystore open/init with path fix workaround
    • f8b74011 - dnssec: remove outdated TODO
    • 0a00aa12 - dnssec: retain reference to keystore when clearing policy settings
    • 1d2d0cce - dnssec: keymgr, enforce policy and keystore setting
    • 4b8403c5 - server: policy loading in server with updated API
    • 95e9dad7 - tests-extra: manual signing policy in all KASP databases
    Toggle commit list
  • Jan Včelák Added 1 commit:

    Added 1 commit:

    • 6d36fc6b - dnssec: fix memory leak in KASP zone freeing
  • Jan Včelák Added 3 commits:

    Added 3 commits:

    • 5b348126 - tests-extra: update KASP database in dnssec/dnskey_algorithms
    • 7b0ec0c5 - tests-extra: update policy in dnssec/dnskey_timestamps
    • 7c204b5e - tests-extra: fix policy in dnssec/no_resign
  • Jan Včelák Title changed from WIP: DNSSEC PKCS11 support to DNSSEC PKCS11 support

    Title changed from WIP: DNSSEC PKCS11 support to DNSSEC PKCS11 support

  • Daniel Salzman mentioned in commit 0b60906a

    mentioned in commit 0b60906a

  • Daniel Salzman Status changed to merged

    Status changed to merged

Please register or sign in to reply