DNSSEC PKCS11 support

Added 193 commits:

2ce2a757...7e8072e2 - 127 commits from branch master
512b2030 - dnssec: pkcs11 placeholder API
c013881b - dnssec: manual pkcs11 initialization
cbd12e04 - dnssec: add DNSSEC_PKCS11_FAILED_TO_LOAD
2836f2f3 - dnssec: add cleanup macro for gnutls_pubkey_t
abc390f9 - dnssec: PKCS11 generate key with fixed CKA_ID
768052bc - dnssec: initial unit tests for PKCS11 interface
22cc3bdc - dnssec: conditional compilation of PKCS11 support
9cf192fa - dnssec: dnssec_key_t remove key ID
af23f7a1 - dnssec: key ID required to import private key from keystore
a73b2907 - dnssec: fix missing includes
f12c5d00 - dnssec: KASP store key ID in dnssec_kasp_key_t
54f95867 - dnssec: keymgr, update to new key ID location
c2765dff - dnssec/tests: validate empty zone in KASP zone_load callback
81dd3656 - dnssec: validate zone before serializing into KASP
80610225 - server: adapt to new key loading API
6f68da36 - online signing: adapt to new key loading API
cef80ba4 - dnssec: fix gnutls_pkcs11_privkey_generate3 detection
b3799a65 - dnssec: PKCS11, generate key with random CKA_ID
82f978ac - dnssec: PKCS11, generate key unique URL
85f5a892 - dnssec: PKCS11, delete key from token
bc3a9659 - dnssec: PKCS11, load private key
c0d7ffe2 - dnssec: PKCS11, refactor variable names
0b4f52c5 - dnssec: pkcs11 keystore close is no-op
59edb801 - dnssec: pkcs11, implement keystore content listing
df6b0e67 - dnssec: pkcs11 key delete, fix error code processing
bc6eee03 - indicate PKCS 11 supported in configure summary
1ce8d660 - libtap: add test_mkdtemp() and test_rm_rf()
adaa36bf - dnssec: conditional PKCS 11 crypto initialization
98a55ce4 - dnssec: tests for PKCS 11 keystore
f9b4fa5f - dnssec: fix leak in PKCS 11 keystore deinit
08452521 - dnssec: remove unused context variable
ed1c42c4 - dnssec: tidy up the internal PEM interface
72cec143 - dnssec: fix config name in PKCS 11 test
41e91c85 - dnssec: prepare for internal keyid API
cc0f4df8 - dnssec: key ID conversions for GnuTLS in internal API
e3e4a5a8 - dnssec: PEM, use new key ID API
c46dfcac - dnssec: fix typo in tests
c0a9cea5 - dnssec: add expected signature into PKCS 11 test
15f61248 - dnssec: share flags for all objects added to PKCS 11 token
320883f1 - dnssec: implement key import into PKCS 11 token
1c3fb5ce - dnssec: fix error code for invalid key lookup in PKCS11 token
934aa2bf - dnssec: use default GnuTLS key ID flags
7ea80342 - dnssec: skelet for KASP keystore entity
6f152e46 - dnssec: add tests for KASP keystore
37c8a4c1 - dnssec: fix memory leak in dnssec_kasp_keystore_free
05440fc8 - dnssec: KASP dir storage, keystore placeholder implementation
be84ffbc - dnssec: refactor entity access in KASP dir implementation
b759e27e - dnssec: remove KASP dir store implementation from module scope
c54c6bc3 - dnssec: add kasp_keystore_cleanup into internal API
9dd60a7e - dnssec: KASP string attribute encoding in JSON
23c32c12 - dnssec: KASP keystore serialization
2ea0fe47 - dnssec: fix JSON string serialization
21e3f572 - dnssec: fix configuration path construction in KASP dir storage
1d85cc2b - dnssec: internal API providing KASP base path
fa416144 - dnssec: interface to open key store from the KASP configuration
40e2f321 - dnssec: add 'manual' flag into policy
8c298aa4 - dnssec: algorithm aware default policy
2f7ce9c5 - server: manual policy based on libdnssec defaults
82cf91aa - fix different enum values comparison
454ba99d - dnssec: fix key ID setting in automatic key generating
980bf56f - dnssec: set keystore in policy
c4ab2569 - dnssec: use constants for backend specification
3e485752 - dnssec: require module name in PKCS 11 config
5a70bb8c - server: pick correct dnssec keystore
6a9a6a58 - dnssec: remove useless comment
a4c56124 - dnssec: fix shared linking by moving keyid to shared

Added 6 commits:

240976b4 - dnssec: more details in keymgr keystore show
88f68903 - dnssec: keymgr man, provide new description of keystore subcommand
d3051aff - dnssec: keymgr man, init command adds default policy and default key store
cd196686 - dnssec: keymgr man, add new policy attributes
42acb42a - dnssec: keymgr man, fix wrapping of long commands
6ec6a9b3 - dnssec: keymgr man, regenerate manual page

Added 4 commits:

cf516272 - doc: DNSSEC changes realted to new keystore support
2e64ea6d - dnssec: switch default algorithm to ECDSA-P256-SHA256
85523853 - doc: new default DNSSEC algorithm
958d641e - doc: add new DNSSEC policy options

Added 6 commits:

e0ad606e - dnssec: keystore open/init with path fix workaround
f8b74011 - dnssec: remove outdated TODO
0a00aa12 - dnssec: retain reference to keystore when clearing policy settings
1d2d0cce - dnssec: keymgr, enforce policy and keystore setting
4b8403c5 - server: policy loading in server with updated API
95e9dad7 - tests-extra: manual signing policy in all KASP databases

Added 1 commit:

6d36fc6b - dnssec: fix memory leak in KASP zone freeing

Added 3 commits:

5b348126 - tests-extra: update KASP database in dnssec/dnskey_algorithms
7b0ec0c5 - tests-extra: update policy in dnssec/dnskey_timestamps
7c204b5e - tests-extra: fix policy in dnssec/no_resign

Title changed from WIP: DNSSEC PKCS11 support to DNSSEC PKCS11 support

mentioned in commit 0b60906a

Status changed to merged

Admin message

Admin message

DNSSEC PKCS11 support

Merge request reports

Activity