summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* trust: Print label of certificate when complaining about basic constraintsStef Walter2014-08-081-1/+5
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=82328
* trust: Double check that index bucket is valid before accessStef Walter2014-08-081-2/+2
|
* p11-kit: Remove use after free in debug output code pathStef Walter2014-08-081-1/+1
|
* Quiten down scanner warnings about unused variablesStef Walter2014-08-082-8/+2
|
* common: Quiet down clang scanner with assertionsStef Walter2014-08-081-1/+1
| | | | | Quieten down the clang scanner by telling it to expect that our test assertions fail
* Fix mostly erroneous scanner warnings in testsStef Walter2014-08-0811-2/+22
|
* trust: Fix leak in token loading error pathStef Walter2014-08-081-0/+1
|
* trust: Fix unlikely use of uninitialized memory in token loadingStef Walter2014-08-081-3/+3
|
* trust: Fix leak in trust list commandStef Walter2014-08-081-0/+1
|
* trust: Fix use after free and double free in extract commandStef Walter2014-08-081-7/+4
|
* trust: Remove dead while condition in anchor commondStef Walter2014-08-081-1/+1
|
* p11-kit: Fix integer overflow in memset() argumentStef Walter2014-08-081-1/+1
|
* p11-kit: Fix bad check of asprintf() return valueStef Walter2014-08-081-1/+1
|
* configure.ac: Add subdir-objects to satisfy newer automakesStef Walter2014-08-081-1/+1
|
* trust: Fix use of invalid memory in PEM parserStef Walter2014-08-081-3/+1
|
* trust: Parse TRUSTED CERTIFICATE openssl format even without CertAuxStef Walter2014-08-083-13/+151
| | | | | | | | openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the additional CertAux (ie: trust fields) information. It simply leaves that block out. This happens with a command like: $ openssl x509 -in my-cert.pem -out output -trustout
* common: Allow specifying which tests to run on command lineStef Walter2014-08-081-1/+33
| | | | | | This modifies our common unit test code so we can specify full test paths on the command line, and restrict the run tests to the ones specified. Order is not respected at this time.
* Release version 0.21.1Stef Walter2014-08-072-1/+7
|
* po: Add new translations: ocStef Walter2014-08-073-1/+344
|
* common: Don't do repeated linear reallocation of array memoryStef Walter2014-08-071-1/+4
| | | | | | | Some mallocs (notably on Windows) have really poor behavior when called repeatedly with a linearly growing buffer. https://bugzilla.redhat.com/show_bug.cgi?id=985419
* p11-kit: Tweak last commit, handle the not-forked caseStef Walter2014-08-071-1/+4
| | | | | When we hadn't forked, but were just not initialized, still return CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
* p11-kit: Don't complain about C_Finalize called in wrong processStef Walter2014-08-071-6/+13
| | | | | | When C_Finalize is called in the wrong process, it's often because of a caller unaware of forking. This is a painful area of PKCS#11, but at least for C_Finalize, lets not complain loudly about it.
* p11-kit: Add a new 'isolate' pkcs11 config optionStef Walter2014-07-083-12/+44
| | | | | | | This sets 'remote' appropriately to run the module in a separate process. https://bugs.freedesktop.org/show_bug.cgi?id=80472
* p11-kit: Cleanup and add documentation for 'remote' optionStef Walter2014-07-084-28/+59
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=54105
* p11-kit: Add 'p11-kit remote' command for isolating modulesStef Walter2014-07-087-58/+161
| | | | | This adds a new tool to the p11-kit command called 'remote'. This is the server side of remoting a PKCS#11 module.
* rpc: Implement execution of another tool to transport PKCS#11 RPCStef Walter2014-07-089-44/+1600
|
* mock: Minor testing tweaks to mock testingStef Walter2014-07-081-2/+2
|
* modules: Make config file and module configs overridable by testsStef Walter2014-07-082-4/+18
|
* test: Move some file and directory code into general test stuffStef Walter2014-07-085-129/+119
|
* Add compatibility fdwalk() functionStef Walter2014-07-083-0/+83
| | | | | This is used when execing another process to close all open file descriptors that we don't wish to be inherited.
* rpc: Implement PKCS#11 messages/client/server codeStef Walter2014-07-0814-2/+6163
| | | | | | | | | | | | * This enables passing around bytes which represent PKCS#11 RPC calls. * Caller is responsible for connecting/disconnecting and so on. * Client side caller gets a mixin from p11_rpc_client_init() to call into, which generates callbacks with byte arrays to be transported. * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR on which relevant methods get called. * Doesn't yet implement the actual daemon or clients etc... https://bugs.freedesktop.org/show_bug.cgi?id=54105
* Fix typo: supress - > suppressAndreas Metzler2014-07-074-4/+4
|
* Release version 0.20.3Stef Walter2014-07-042-1/+11
|
* Added test for non-null values in empty ID and label URI partsNikos Mavrogiannopoulos2014-07-041-0/+66
|
* p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stableStef Walter2014-07-042-6/+6
| | | | | These are useful functions for callers who want to supress all output from p11-kit library.
* p11-kit: Handle managed modules correctly when forkingStef Walter2014-07-042-5/+56
| | | | | | | | Correctly allow reinitialization when a process forks. We don't yet implement checks on all entry points of a managed module, but this allows callers to call C_Initialize again after forking, as outlined by the PKCS#11 v2 spec.
* common: Fixed implementation of strerror_r for WinXPPavel A2014-07-011-0/+15
| | | | | | ie: when streror_s is missing in msvcrt.dll https://bugs.freedesktop.org/show_bug.cgi?id=76594
* p11-kit: Fix corrupted list when initialization of modules failStef Walter2014-06-251-0/+2
| | | | | | | | This fixes the function call p11_kit_module_initialize() to correctly rearrange the modules array when initializing a module fails. Also fixes p11_kit_modules_load_and_initialize()
* Don't try to symlink p11-proxy.so on windowsMilan Crha2014-06-201-5/+5
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=76594
* configure: Require automake 1.12 or laterStef Walter2014-06-201-1/+1
| | | | | We can't use automake 1.10 as serial-tests is not supported there.
* Proposed fix for compiler warnings in common/compat.cPavel A2014-06-201-19/+23
| | | | | | | | | | | | | when buliding for Windows (mingw). This issue has been reported in bug #76594 a. Moved vasprintf before asprintf b. Added prototypes for each of them Thanks, pa Signed-off-by: Pavel A <pavel.aronsky@daynix.com>
* proxy: Fix cases where modules are unloaded while in useStef Walter2014-02-131-22/+31
| | | | | | | | | | | | | The proxy module would unload the PKCS#11 modules it was proxying when C_Finalize() was called. However if a caller in another thread was inside of a PKCS#11 function at the time, this would cause a crash. Change things around so that underlying modules are finalized during the proxy C_Finalize() but not released/unloaded until the proxy module itself is unloaded. https://bugs.freedesktop.org/show_bug.cgi?id=74919
* proxy: Remove assertions when module is not initializedStef Walter2014-02-131-2/+0
| | | | | | | | We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than assert() when proxy PKCS#11 functions are called before the module is initialized. https://bugs.freedesktop.org/show_bug.cgi?id=74919
* Fix handling of mmap failure and mapping empty filesPascal Terjan2014-02-132-2/+26
| | | | | | | | | | | Check the return value of mmap() correctly. Empty files cannot be mmap'd so we implement some work around code for that. https://bugs.freedesktop.org/show_bug.cgi?id=74773 Signed-off-by: Stef Walter <stef@thewalter.net>
* Support running autogen.sh from srcdir != builddirStef Walter2014-01-291-2/+6
|
* Don't use 'aux' directory nameStef Walter2014-01-292-1/+1
| | | | | | Because Windows is really properly screwed up. https://bugs.freedesktop.org/show_bug.cgi?id=74149
* Release version 0.20.2Stef Walter2014-01-142-1/+8
|
* distcheck: Build with optimizations so we get proper warningsStef Walter2014-01-141-1/+3
|
* test-iter: Fix use of uninitialized variableStef Walter2014-01-141-0/+1
|
* trust: Add installcheck target for testing extractStef Walter2014-01-144-0/+198
| | | | | | | | This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file.